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Offshore’s Rise Is Relentless 


Issue is a sensitive one 
for execs, who say cost 
outweighs controversy 


BY PATRICK THIBODEAU 
LOS ANGELES 
Offshore 
outsourcing 
is so main- 
stream that 
by next year, more than 80% of | 
U.S. companies will have had 
high-level discussions about 
the topic. And 40% will have 
completed some kind of pilot 
program or will be using near- 
shore or offshore services. 
Despite that assessment, 
made by Gartner Inc. at an 
outsourcing conference here 
last week, offshore outsourc- 
ing remains a difficult issue for 
executives to talk about. In 
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fact, many attendees were skit- 
tish about responding to ques- 
tions for this article, except in 
the most general terms. 


Corporate officials did, anes 


ever, acknowledge trends re- 


| lated to the politically charged | 


issue. For instance, BP PLC in 
London is discussing offshore 
work with its existing out- 
sourcers, IBM and Accenture 
Ltd. “They are offering us an 


performance at a lower cost,” 
said Russell Taruscio, down- 
stream chief financial officer 
at the oil company. 

Adding offshore compo- 


nents to outsourcing contracts | 


is on the rise, according to 
IDC. In a report last week, the 
Framingham, Mass., research 


firm said offshore outsourcing | 


Outsourcing, page 16 


Hilton Hotels Corp. is 
upgrading its People- 
Soft suite, converting 
toathree-tier Web 


architecture, scrapping Unix servers in 
favor of Windows servers and replacing 
its database software - all at the same 
time. Gary H. Anthes reports on this 
complex IT overhaul, which is already 
saving millions of dollars. Page 25 
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_ Regulatory Requirements 
_ Place New Burdens on IT 


Calif. privacy law to 


debut; panic emerging 


US. firms scramble to 


| comply with EU tax 





| BY DAN VERTON 
| Costly legal battles and knee- 


jerk decisions on security are 


| threatening to disrupt compa- 
. . | 
opportunity to have consistent | 


nies that do business with Cal- 


| ifornia residents. 


Tomorrow, a state pri- 


| vacy law with nationwide 


reach takes effect. Securi- 
ty and legal experts pre- 
dict that the law will burden 


| companies with massive class- 


action lawsuits and could 

change the way corporations 

approach wireless technology 
Privacy Law, page 53 
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BY MATT HAMBLEN 


| The European Union’s 15 


member nations tomorrow 
will begin imposing a value- 
added tax on digital sales to 


| residents by non-European 


companies, a plan that 
has forced many U.S. 
businesses to undertake 


months of legal and tech- | 


nical preparations. 
Complicating matters is the 
fact that the VAT varies from 
country to country, ranging 
from 15% in Luxembourg to 
25% in Denmark and Sweden. 
As a result, some U.S. compa- 
nies have had to choose be- 
tween two costly alternatives: 
updating their e-commerce 
systems to track sales and ini- 


tiate VAT payments at the var- | 


ious rates, or setting up new 
operations in one of the mem- 
ber countries so they can ap- 
ply its tax rate to all digital 
sales throughout the EU. 
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“It’s one more onerous 


| process forced on people try- 
| ing to do Internet e-com- 


merce,” said Joel Ronning, 


| CEO of Digital River Inc., an 
| Eden Prairie, Minn.-based 

| company that develops and 
manages e-commerce Web 


sites for businesses. “It’s turn- 
ing into a mess.” 

Digital River, whose clients 
include Motorola Inc., 3M Co. 
and Staples Inc., has spent 
“millions of dollars” to get 
ready for the VAT, Ronning 
said. As part of its prepara- 

European VAT, page 53 


WSC Cleans Up SOAP Standard 


But it’s unclear when 
vendors will adopt 


BY CAROL SLIWA 


When Motor Coach Industries 


Inc. launched its maiden Web 


| services last year, some mes- 


sages didn’t go through, and 
others reached their destina- 
tions only in partial form. 
John Morrison, CIO at the 
Schaumburg, Ill., bus manu- 
facturer, said it took three to 
four weeks to trace the prob- 


| recalled Morrison. “ 
| down to a noncomplete set of 


| lem to differing implementa- 

| tions of SOAP from vendors of 
| Web services tools. 

| Version 1.2 of protocol | 


“One vendor would say, 
‘You've got to do it this way.’ 
Another vendor would say, 
‘This is the way we do it,” 
It boiled 


standards that everyone was 


| implementing differently.” 


That should change at some 


| point, although it’s unclear 


when. The World Wide Web 


| Consortium announced last 


SOAP, page 16 
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We've been listening to what you, our customers, have to say about the way the software industry 
does business. And frankly, some of it couldn't be repeated in print. You’ve been frustrated 
by long-term agreements. You've been disenchanted by the lack of options when it comes to 
software licensing. And, most of all, you’ve been annoyed that no one’s been listening to any 


of your complaints. 


Well, we want you to know that we hear you, and we've been doing everything we can to change 
the way we do business with you. Recently, we’ve revolutionized the industry by being the first 
to introduce flexible licensing contracts. With FlexSelect Licensing”, you can now get software 
on your terms, not ours. We offer short-term or long-term licensing agreements, so you can 
choose your commitment based on your needs. Of course, if you prefer more traditional long- 
term licensing, it’s still available. And we offer payment plans that fit the way you work, not 


the other way around. 
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Flexible software licensing is about choice. 
It's about control. 
It's about time. 
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We've heard back from many of our customers and they're thrilled with the changes. From global 
Fortune 500° companies to smaller organizations, the response has been overwhelmingly 
positive. Some of the comments we've received include “flexible licensing is a tremendous tool,” 
“a huge win for CA customers” and “clearly demonstrates that CA is an extremely innovative, 


flexible and customer-focused company.” 


But the changes don’t stop with flexible licensing. That’s just one part of our renewed focus 
on you, our customers. We've also increased our responsiveness to your needs. And we've even 
increased our focus on internal research and development, furthering our commitment to 


creating the most innovative business software solutions in the market. 


Innovations in licensing, increased customer responsiveness and product development are just 
a few more ways we’re staying well ahead of the rest of the pack in the software industry. Contact 
us at ca.com/flexselect today to find out more. We think you'll be pleased with what you see. 


If not, let us know. And we'll do something about it. 


FlexSelect Licensing” Computer Associates® 


© 2003 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks, and logos referenced herein belong to 
their respective companies. 





CONTENTS 


Another Digit, Another Deadline 


In the Management section: At U.S. retail- 
ers, IT executives like Ahold’s Ed Gropp 
(left) must update systems to handle 
longer bar codes by Jan. 1, 2005. Page 35 


06.30.03 


EMERGING TECHNOLOGIES 

Preventive Medicine 

in the Technology section: Despite the risk of false positives, 
users and analysts say intrusion-prevention systems are gain- 
ing traction in the corporate IT security perimeter. Page 28 





NEWS 


- TECHNOLOGY 


OPINIONS 





6 A PeopleSoft user panel op- 
poses Oracle’s buyout offer. 


The Homeland Security 
Department says the feds 
should certify that software is 
secure rather than regulate. 


A CiA-funded start-up read- 
ies anew SAN appliance. 


HP expands its lineup of stor- 
age and disaster recovery 
services. 


An appeals court rules that 
Microsoft doesn’t have to use 
a Sun-endorsed version of 
Java — but did violate Sun’s 
copyright. 


NetWare on Linux will arrive 
sooner than expected. 
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Steps to Securing Your Company 
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make an organization secure. 
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tion delivery networks reduce the response 
time and increase the availability of dynamic 
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MOBILE/WIRELESS: Companies that are look- 
ing to set up wireless networks need to get 
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Planet conference speaker advises. 
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Microsoft Adds New | 


Exchange License 


Microsoft Corp. today plans to re- 
lease Exchange Server 2003 for 
manufacturing and announce a 
per-user client-access license for 
the messaging software. The new 
license will let a single end user 
access Exchange Server 2003 
from a variety of devices, said 
Microsoft, which licenses the 
current version of Exchange on a 
per-device basis. The upgrade is 
due to ship in the third quarter. 


3Com Reports Loss, 
Joint Venture Delay 


Santa Clara, Calif.-based 3Com 
Corp. reported a $38.4 million net 
loss on revenue of $175 million for 
its fourth quarter, which ended 
May 36. The company also dis- 
closed that a networking joint 
venture with Shenzhen, China- 
based Huawei Technologies Co. 

is now expected to become fully 
operational by November, two 
months later than planned. 3Com 
CEO Bruce Claflin biamed the de- 
lay primarily on internal IT issues. 


Sun Buys Java 
Software Vendor 


Sun Microsystems Inc. said it has 
agreed to acquire Pixo Inc., a ven- 
dor of Java-based server software 
that manages the distribution of 
digital content to mobile devices. 
Sun will pay an undisclosed 
amount of cash for San Jose- 
based Pixo and fold the company 
into its software unit. The deal is 
expected to be completed by Sep- 
tember, Sun said. 


Short Takes 


HEWLETT-PACKARD CO. plans to 
resell SuSE Linux AG’s version of 
Linux and said it will release a line 
of clustered Linux systems in Au- 
gust. . . . A law firm representing 
shareholders of ELECTRONIC DATA 
SYSTEMS CORP. said it plans next 
week to file a class-action lawsuit 
that consolidates 15 separate 
complaints against the Plano, 
Texas-based IT services firm. 
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PeopleSoft User Panel 
Opposes Oracle’s Offer 


Head of advisory board says buyout bid 
poses threat; Oracle continues pursuit 





BY TODD R. WEISS 
RACLE Corr. last 
week said it will 
continue its hostile 
takeover bid for ri- 

val PeopleSoft Inc. despite re- 

cent changes in a proposed 
merger deal between People- 

Soft and J.D. Edwards & Co. 

Meanwhile, PeopleSoft’s glob- 


| al customer advisory board 


announced that it “firmly sup- 
ports” the company’s decision 
to reject Oracle’s sweetened 
buyout offer. 

Peg Nicholson, president of 
the advisory board and CIO at 
golf equipment maker Acush- 
net Co. in Fairhaven, Mass., 
said in a statement that Ora- 
cle’s tender offer for People- 
Soft is “clearly anticompeti- 
tive” and poses a threat to ex- 
isting investments in People- 
Soft’s business applications. 

“We feel strongly that an 


| Oracle acquisition of People- 


Soft would reduce competi- 
tion and force PeopleSoft users 





i An Oracle 
acquisition of 
PeopleSoft would 
reduce competition 
and force PeopleSoft 
users to migrate. 
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PEG NICHOLSON, Ci0, ACUSHNET CO 


to migrate from their current 
applications and possibly 
[their] database platforms,” 
she said. “This unnecessary, 
expensive and risky effort is 
clearly not in the best interest 
of PeopleSoft customers.” 


Unnecessary Alarm 

In response, Oracle said that 
Pleasanton, Calif.-based Peo- 
pleSoft “has unnecessarily 


| alarmed its own customers in 
| acynical effort to distract at- 


tention from the tangible ben- 
efits of our offer.” 
When Oracle announced its 





takeover bid on June 6, CEO 
Larry Ellison said the compa- 
ny wouldn’t actively sell Peo- 
pleSoft’s applications to new 
customers, a comment that led 
some PeopleSoft users to react 
with dismay. But Ellison more 
recently promised to continue 
developing PeopleSoft’s prod- 
ucts for at least 10 years and 
said users won’t be forced to 
convert to Oracle’s E-Business 
Suite lli applications. 

After increasing the value of 
its offer from $5.1 billion to 
$6.3 billion on June 18, Oracle 
last week took another step to 
show that it’s serious about 
proceeding. The company said 
it would waive a condition in 
its tender offer that stated it 
would go forward only if Peo- 
pleSoft and Denver-based J.D. 
Edwards didn’t modify the 
merger agreement they an- 
nounced on June 2. 

PeopleSoft and J.D. Edwards 
did amend the deal two weeks 
ago in an effort to speed up 
the merger and potentially 
block an Oracle takeover. Al- 
though Oracle is pushing on, 
company spokesman Jim Finn 


www.computerworld.com 


| said it still views the amended 


merger agreement as “an un- 
lawful device” and called on 
PeopleSoft’s board to meet 
with Oracle executives. 

But PeopleSoft was unim- 
pressed. “Oracle is just blow- 
ing smoke again,” said spokes- 
man Steve Swasey. 

In another development, 
representatives of various 
state attorneys general held a 
conference call June 24 to dis- 
cuss the possible antitrust 
ramifications of Oracle’s 
takeover bid. The call fol- 
lowed the filing of an antitrust 
lawsuit against Oracle by Con- 
necticut’s state government, 
which is in the midst of a $100 
million PeopleSoft project. 

But officials from Texas and 
California said such calls are 
routine and added that they 
haven’t made any decisions to 
intervene in the buyout fracas. 
“This is a standard fact-find- 
ing process,” said Tom Kelley, 
a spokesman for the Texas at- 
torney general’s office. D 


MORE ONLINE 


Oracle’s Bid for PeopleSoft: Visit 
our Web site for additional coverage: 


QuickLink a3320 


Product News: Oracle announced an 
upgraded applications release at a user 
conference in London: 


QuickLink 39554 
www.computerworld.com 





Government 


BY DAN VERTON 
WASHINGTON 

The U.S. Department of 
Homeland Security is empha- 
sizing government security 
certifications as a means of 
improving software security 
while avoiding more invasive 
government intervention. 

The policy of the current ad- 
ministration, as with the previ- 
ous two, has been to allow 
market forces to drive security 
improvements in the software 
industry. However, with little 
evidence of the effectiveness 
of that approach, the govern- 
ment’s commitment to foster- 
ing change is under scrutiny. 

At a homeland security con- 





Certification of Software 
Proposed to Boost Homeland Security 


ference here sponsored by the 
Center for Strategic and Inter- 
national Studies and the Infor- 
mation Technology Industry 
Council, Microsoft Corp. 
Chairman Bill Gates last week 
expressed staunch 
support for govern- 
ment testing, certi- 
fication and re- 
wards for security 
improvements. 
That approach is 
backed by Robert 
P. Liscouski, assistant secre- 
tary for infrastructure at DHS, 
who distinguished govern- 
ment certification from the 
type of regulation the admin- 
istration opposes. He said that 


although private-sector deci- 
sions about security always 
come down to a business-case 
analysis, companies are often 
forced to make poor software 
choices, given the state of soft- 


a _ ware quality and 


SECURITY GATES 


Microsoft Chairman Bill Gates 
sees software security as key 
to homeland security: 


© QuickLink 39493 
www.computerworld.com 


security. 

“If we can get the 
risk management 
industry to recog- 
nize good practices 
that can be certi- 
fied ... I don’t see 
that as regulation,” he said. “I 
see that as a very positive in- 
centive to get the industry to 
go where it has to go.” 

Dave Carey, president of in- 
formation assurance at Oracle 





Corp. and a former CIA offi- 
cer, said that although Oracle 
supports various government 
certification processes, such 
as the Common Criteria and 
Federal Information Process- 
ing Standard 140, “they are 
neither easy nor cheap.” 

On average, evaluations of 
Oracle products have taken 
eight to 10 months and cost 
about $1 million each, said 
Carey. “But once done, custo- 
mers can have the confidence 
that the security features in 
the products they buy func- 
tion as intended,” he added. 

Whit Diffie, chief security 
officer at Sun Microsystems 
Inc., said the certification 
process can be shortened, but 
reducing its cost will require 
significant changes to the 
overall testing architecture 
and methodology. B 
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CIA-Supported Storage Virtualization 
Start-up Emerges With SAN Appliance 


Device integrates 
storage capacity on 


multivendor arrays | 


BY LUCAS MEARIAN 
Candera Inc. this week plans 
to go public with a storage vir- 
tualization device after two 
years of development, joining 
the race to provide users with 
technology that can combine 
different storage subsystems 
into virtual pools of data. 
Milpitas, Calif.-based Can- 
dera will announce the release 
of its SCE 510 appliance, a 
combination switch and virtu- 
alization product that works 
on multivendor storage-area 
networks (SAN). The start-up, 
which has been partly funded 
by the CIA, is selling the sys- 
tems in clustered pairs that 
operate separately from each 
other but can balance work- 
loads between them. 
Candera’s promise is 
straightforward: The company 


says that using application 

programming interfaces based 
on standards like XML, HTTP 
and the Simple Network Man- 
agement Protocol, the SCE 510 
can work with any SAN switch 


ity on various arrays so it all 
looks like a unified pool. 

The new appliance can au- 
tomatically identify devices 
on SANs by disk type, vendor 
and the level of supported re- 


systems administrators to set 
up dynamic provisioning poli- 


according to Richard Meyer, 
Candera’s principal engineer. 


Market Rivals 

The SCE 510 will compete 
against virtualization products 
from vendors like IBM and 
Hewlett-Packard Co., as well 
as Brocade Communications 
Systems Inc.’s virtualization- 
enabled SilkWorm Fabric Ap- 

| plication Platform switches. 





to virtualize the storage capac- | 


dundancy protection, allowing | 


cies for different types of data, | 





A senior storage architect at 
a Global 100 company said 


| he’s leaning toward the Can- 


dera box over rival virtualiza- 
tion technologies from IBM, 

FalconStor Software Inc. and 
DataCore Software Corp. be- 
cause the SCE 510 was devel- 


| oped with redundancy and 


high availability in mind. 
The other products run on 


| commodity hardware that 


could prove to be a point of 
failure in his SAN, said the 

storage architect, who asked 
that he and his company not 


| be identified. In contrast, Can- 





dera is using a pair of special- 
ized processors designed to 
handle heavy-duty workloads. 

A vice president of architec- 
ture and capacity planning at a 
large financial services firm, 
who also asked to remain 


| anonymous, said his company 


beta-tested the SCE 510 last 
month and plans to roll it out 
in September. The device 
should let IT staffers manage 
all the disk arrays on the firm’s 
SOTB SAN through a single in- 
terface, the executive said. 

But he added that the SCE 
510 is missing two key fea- 
tures: support for migrating 


age devices to SANs, and data 


TECHNOLOGY DETAILS 


Candera’s SCE 510 


= Functions as both a storage 

Switch anda virtualization device. 
= Supports AIX, HP-UX, 
Solaris and Windows. _ 


= Provides a virtual pool of 
storage from multivendor arrays. _ 


§ Starts at $100,000 for a clus- 
tered pair of appliances. 
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| replication capabilities for dis- 
| aster recovery applications. 


Meyer said he has heard the 


| same comment from other po- 
| tential users and added that 


both of those features are in 


| development. But he couldn't 
| say when they’re due to be- 
| come available. 


Mike Fisch, an analyst at 
The Clipper Group Inc. in 


| Wellesley, Mass., said Can- 


dera’s product could make a 
splash in the storage manage- 
ment market because it ad- 
dresses key user require- 
ments, including logical unit- 
number mapping, capacity 


| planning and dynamic provi- 
data from direct-attached stor- | 


sioning. 

Candera is also jointly de- 
veloping security-related 
hardware and software fea- 
tures with In-Q-Tel Inc. in Ar- 


| lington, Va., a nonprofit com- 
| pany that acts as the CIA’s 


technology funding arm 


| [QuickLink 33889]. Those fea- 


tures include support for the 
Lightweight Directory Access 
Protocol and Secure Sockets 


| Layer standards and should be 


added to the SCE 510 in the 
fourth quarter, Meyer said. D 





HP Expands Its Storage, Disaster Recovery Services 


Offerings include system assessments, 
installation of SAN management software 





BY LUCAS MEARIAN 
Hewlett-Packard Co. last week 
announced five storage man- 
agement and disaster recovery 
services in a bid to take advan- 
tage of an uptick in storage- 
related consulting that’s being 
driven by tight IT budgets. 
The services being offered 
by HP include assessments of 
how to optimize storage sys- 
tems, data replication deploy- 
ments, and development of 
disaster recovery and storage- 
area network (SAN) manage- 
ment architectures. HP said it 
will offer the storage services 
as part of both straightforward 
consulting engagements and 
more comprehensive deals 
that also include technology 
installation and training. 
Charlie Orndorff, CIO at 
Crossmark Inc., an advertising 


and marketing company in 
Plano, Texas, said he currently 
uses both HP and Veritas Soft- 
ware Corp. for IT services on 
some storage projects. His 
dealings with HP may be 
widened over the next few 
months: Orndorff intends to 


HP’s New Storage Services 


| 


merge 7TB and 4TB SANs to 
reduce his staff’s storage man- 
agement headaches, and he’s 
eyeing HP’s disaster recovery 
and business continuity ser- 
vices as part of that plan. 
“What you really need is a 
comprehensive solution that 
says, ‘If I go down, my data 
will be available in one hour, 
four hours or whatever the 
SLAs are that are in place,’” 


& Storage optimization consulting that offers recommendations for in- 
creasing data availability and storage efficiency. PRICING: Starts at $10,000. 


® implementation of data replication technolegy, such as data snapshot 
and remote mirroring capabilities. PRICING: From $10,000 to $60,000. 


= Development of disaster recovery plans that use in-house backup sites 
or 50 facilities that HP has set up worldwide. PRICING: About $100,000. 


@ Deployment of SAN management systems based on HP’s OpenView 
Storage Area Manager software. PRICING: From $16,000 to $100,000. 


® A data sanitization program designed to ensure that information is erased 





from disks or tapes being thrown away. PRICING: $7,000 per terabyte. 





Orndorff said. He added that 
he also doesn’t want to have to 


hire specialized IT technicians | 


to manage different aspects of 
the combined SAN as Cross- 
mark installs more complex 
storage technology. 

Robert Gray, an analyst at 
IDC, said the use of IT ven- 
dors to help design and imple- 
ment storage systems is on the 
upswing because companies 
want to get the most out of 
their technology purchases in 
the current economic climate. 
Storage vendors “had been 
selling the product and walk- 
ing away, leaving [IT man- 
agers] underusing what they 
invested in,” Gray said. 

The disaster recovery man- 
agement service is available 
now, said Gary Wright, vice 
president of HP’s Network 
Storage Services division. The 
other services announced last 
week are scheduled to become 


| generally available worldwide 





by the end of the third quarter. 

Gartner Inc. analyst Adam 
Couture said the announce- 
ment was largely a case of HP 
formalizing storage services 
that it and the former Compaq 
Computer Corp. had offered 
separately through their re- 
spective consulting staffs. 

HP is also reducing the 
maximum fees that users of its 
StorageWorks XP128 and 
XP1024 disk arrays could pay 
under its metered pay-per-use 
pricing plan, Wright said. Be- 
fore, companies adopting the 
metered pricing may have 
paid up to 25% more than the 
standard monthly lease cost 
for the arrays, depending on 


| how much of the available 


storage capacity they actually 
used. Now, HP is limiting the 
extra fees to no more than 5% 
above the regular price. D 


STORAGE DOWNLOAD — 


For the latest news, visit our Storage 
Knowledge Center online: 


e QuickLink k1700 
www.computerworld.com 
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Ericsson Taps IBM 
To Manage Apps 


LM Ericsson Telephone Co. said 
it has signed a preliminary agree- 
ment to outsource development 
and maintenance of its IT appli- 
cations to IBM. The deal came 
three weeks after Stockholm- 
based Ericsson announced a 
five-year contract for Hewilett- 
Packard Co. to manage its IT in- 
frastructure [QuickLink 38933]. 
Ericsson expects to finalize the 
IBM deal by September. 


EDS Set to Raise 
$1.7B in Funding 


Electronic Data Systems Corp. 
announced that it expects to 
raise $1.7 billion in new funding 
through private debt offerings. 
The deals followed decisions 
by two major credit-rating agen- 
cies to downgrade their ratings 
of the struggling IT services 
firm’s debt. Plano, Texas-based 
EDS said it will also prepay 
$227 million that it owes to an 
unidentified software vendor. 


Paim Reports 
Smaller Q4 Loss 


Palm Inc. remained in the red 
during its fourth quarter, but the 
handheld vendor said its results 
were better than expected. Milpi- 
tas, Calif.-based Palm reported a 
$15 million net loss on revenue of 
$225.8 million for the quarter, 
which ended May 31. The loss 
was about half as big as what 
Wail Street analysts had forecast. 
In comparison, Palm had a year- 
earlier deficit of $27.5 million. 


Short Takes 


COMPUTER ASSOCIATES INTER- 
NATIONAL INC. and STEELCLOUD 
INC. announced a deal under 
which Dulles, Va.-based Steel- 
Cloud will build CA’s eTrust 
security software into a line of 
antivirus appliances. . . . IBM 
added versions of its WebSphere 
Commerce and WebSphere MQ 
middleware products that are 
tailored for midsize companies. 


NEWS 


MARK HALL #®*ON THE MARK 


Wireless Handheld 
World Is a ‘Wild West’... 


... that creates vendor shootouts to attract developers — whether in- 
dependent software vendors or in-house programmers. “Unlike PCs, 
there are enormous real differences in handheld devices that challenge de- 
velopers,” says David Nagel, offering a litany of distinctions, from mul- 
tiple screen sizes and keypad styles to the operating system and wire- 
less service provider being used. The CEO of PalmSource Inc. in Sun- 
nyvale, Calif. — the company that licenses the Palm OS — also points 


out that 400 million to 500 million smart 
phones, BlackBerry-style devices and 
other wireless-ready mobile devices are 
shipped each year, vs. about 100 million 
PCs. That makes it at once the most con- 
fusing and most promising growth mar- 
ket around for developers. And because 
it lacks a dominant Microsoft presence, 
Nagel says, “it’s like early Wild West for 
developers, with wide-open territory.” 
Amid this chaos, handheld vendors are 
desperate to get developers to settle 
down with their systems and tools. ® 
Which explains last week's 
branding brouhaha known as 
Windows Mobile. Irwin Ro- 
drigues, Microsoft’s lead 
project manager for mobile 
devices, acknowledges that 
the event could be summed 
up as “a message to develop- 
ers” that the company now 
has “a single API tool set for 
Pocket PC and Smartphone.” 
Why spend all that money on 
invitations, tchotchkes, press 
releases and the rest whena 
simple e-mail to a Virtual Basic 
developer list would do? Well, 
just as Sun Microsystems Inc. 


Today, 


Microsoft Freed From Carrying Sun’s Java 





in Burling- 
LOM Ee CoMm TV cl 1) 
WebLoad 6.0, a soft- 
ware test product 
that emulates Web 
Tet sl areca | 
browser running on 
any platform. You 
even get to test Web 
services operations 
with the release. It'll 
cost you $7,595. 


held its high-priced JavaOne revival 
meeting for “wireless Java” two weeks 
prior, Microsoft can’t afford not to attract 
IT early in its embrace of wireless hand- 
helds. ® Corporate interest and the adop- 
tion of wireless applications is changing 
the demand mix for handheld applica- 
tions. So even developers who dwell in 
the IT netherworld of middleware are 
seeing opportunities in wireless hand- 
helds. Markham Tate, vice president of 
business development at SpiritSoft Ltd. 
in Milford, Mass., says his company is re- 
leasing a J2EE-compliant 
messaging application called 
SpiritLite so IT can push tech- 
nology updates to handhelds. 
Expect it to be ready by 
summer’s end. ® That shift 
in application demand is ob- 
vious to Ryan Wuerch, CEO 
of Nashville-based Palm- 
Gear.com. While virtually 
all categories are growing 
among the 18,000 Palm OS 
programs available on his 
company’s site, the games 
category is suddenly losing 
ground to business software 
such as productivity appli- 
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cations. Wuerch likens the path of wire- 
less software adoption to the early PC 
days and argues that the handheld mar- 
ket is following a similar trajectory. And, 
like the PC, handhelds will prevail over 
the prior technology. (So move over, 
Wintel.) By 2010, Wuerch assumes, your 
workforce will include many who have 
the power of today’s desktop in a hand- 
held and use it occasionally with the cra- 
dles, keyboards and displays found in of- 
fices, homes, hotels, coffee shops and 
wherever else their legs take them. The 
PC isn’t in his scenario. ® If the wireless 
market walks away from Wintel, it will 
certainly be a kick in the head for the “tel” 
part, which has so much at stake in your 
persistent replacement of PCs with new- 
er, faster models. But it’s already taken 
one on the chin, because if you really 
want the newest, fastest desktop, don’t 
look for the “Intel Inside” logo. In August, 
Apple Computer Inc. will ship the fastest desk- 
top around, the Power Macintosh G5 64- 
bit workstation running OS X. The SPEC 
CPU 2000 benchmark reveals an Apple 
dual-processor G5 that’s about 40% faster 
than the hottest dual Intel Xeon proces- 
sor desktop. Much of that comes from 
the 8GB of RAM you get, twice that of a 
32-bit system. Depending on their need 
for speed, users will shell out from $1,999 
to $2,999 to have the fastest hardware in 
town. ® Before you sign a contract with 
Apple for a truckload of new Macintosh- 
es, think about getting your company’s con- 
tracts under control with an upcoming re- 
lease (No. 19, to be exact) of the Deter- 
mine Application Suite, an online con- 
tract management application from San 
Francisco-based Determine Software Inc. 
Among other improvements, the Aug. 14 
upgrade will be able to track and audit 
changes to Word documents used in the 
contract development process. So be 
careful what you say, especially about 
contract lawyers. D 


XP Service Pack 1 with XP 
SPla, which excludes Micro- 
soft’s Java virtual machine. 





BY GRANT GROSS 
WASHINGTON 
An appeals court last week re- 
versed a lower court’s ruling 
that Microsoft Corp. must dis- 
tribute a version of Java en- 
dorsed by Sun Microsystems 
Inc. But the appeals court also 
affirmed a ruling that Micro- 
soft violated Sun’s copyright 
by distributing its own version 
of Java with its products. 

Both companies claimed 
victory after the Fourth U.S. 
Circuit Court of Appeals an- 





nounced its decision on June 
26, another step in Sun’s pri- 
vate antitrust lawsuit against 
Microsoft. 

US. District Court Judge 
Frederick Motz erred in his 
Dec. 23 ruling requiring Micro- 
soft to carry the Sun-compati- 
ble version of Java with its op- 
erating systems and browser 
products, since there was no 
proof that Sun would suffer 
“immediate irreparable harm” 
without the order, appeals court 
Judge Paul Niemeyer wrote. 





The appeals court did up- 
hold Motz’s order prohibiting 
Microsoft from distributing 
any version of Java other than 
the one allowed by Sun ina 
2001 license agreement. 

Microsoft spokesman Jim 
Desler called last week’s rul- 
ing a “positive step,” saying 
the must-carry order was the 
key issue that needed reso- 
lution on appeal. As for the 
copyright infringement order, 
Microsoft already complied in 
February, replacing Windows 





Lee Patch, Sun’s vice presi- 
dent for legal affairs, called 
the appeals court ruling on the 
copyright infringement issue 
“an important victory for the 
Java community.” 

“This decision confirms 
that Microsoft violated our 
prior settlement agreement, 
and that it did so in a way that 
continued to fragment the Java 
platform on PCs,” Patch said. B 
Gross writes for the IDG 
News Service. 





Has your Web Hosting provider 


left you dangling? 


Put your business on solid ground. While some Web Hosting providers are abandoning their hosting operations 
or struggling with questionable finances, AT&T continues to grow and integrate our hosting services into our networking 


architecture to ensure predictable performance of your applications environment. 


; Special Transition Offer’ 
You can count on AT&T’s best-in-class hosting services to deliver: P 


¢ FREE migration and 
== Performance advantages of a 24X365 predictive management platform. transition services 


= Stability, security and reliability of AT&T's global data centers. e Aggressive and competitive 
financial incentives 


« Generous hardware trade-ins 


== Scalability, on-demand capacity and ultra availability of AT&T's enterprise networking solutions. 
== Industry-leading portal and reporting services for optimum control and visibility. 


= Expertise and support of AT&T resources. o Panible contract terme 


e Full satisfaction guaranteed 
AT&T hosting professionals will ensure your migration is as simple and as efficient as possible. 


Contact your AT&T Representative or our Rapid Response Team at | 866 409-7054, 


or visit www.att.com/hosting. 
SS ater 


“Eligibility and certain restrictions apply. Call or log on to learn more. Offer expires 8/31/03. 
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NetWare on L 


NEWS 


Inux 


Coming This Year 


Novell surprises users with plans to speed 
up delivery of services on Red Hat, SuSE 





BY MATT HAMBLEN 
OVELL INC. is poised 
to begin delivering 
on its NetWare-on- 
Linux promise con- 

siderably sooner than many 

users expected. 

Novell an- 
nounced at its 
Brainshare conference in April 
that it was adopting Linux as 
its NetWare migration path by 
making NetWare 7 — due out 
in two years — a set of ser- 
vices that would run on both 
the Linux and NetWare ker- 
nels [QuickLink 37843]. 

But last week, Novell said a 
key set of NetWare services 
running on Linux — including 
directory, file, print, messag- 
ing and management services 
— will be made available later 
this year. Novell Nterprise 
Linux Services 1.0, which con- 
stitutes about 60% of the Net- 
Ware services stack, will run 
on Red Hat Enterprise Linux 
and SuSE Linux Enterprise 
Server. It will go into limited 
beta at 150 sites next month, 
Novell officials said. 

Several users gave the move 
an unqualified thumbs up. 

Doug Boval, master network 
engineer at St. Vincent Hospi- 
tal in Indianapolis, said the 
medical facility could benefit 
from Novell support for Linux 
in many ways, including the 
possibility of moving away 
from “costly Windows-based 
desktops to Linux desktops.” 
NetWare on Linux also would 
be a compelling alternative 
to some applications running 
on high-priced Unix systems, 
he said. 

Scott Perley, president of the 
Southern Alberta Novell Users 
Group in Calgary, also wel- 
comed the move, saying he’s 
looking forward to using such 
products as Novell’s iFolder 
file services on Linux. 





Users had every reason to 
be surprised by last week’s 
announcement, since Novell 
officials at Brainshare suggest- 
ed that NetWare services 
wouldn’t be available on Linux 
until the relatively 


ON Ka distant release of 


NetWare 7. Those 
officials are now saying that 
they planned all along to 
make some services available 


| on Linux sooner but hadn’t 


developed the road map suffi- 
ciently to make an announce- 
ment at Brainshare. 

“We in fact knew a lot at 





Brainshare, but we didn't know 
enough,” Jeff Hawkins, vice 
president of Novell’s Linux 
business office, said last week. 
“We were well along the way 
of driving the engineering ef- 
forts and aligning all of the or- 
ganization behind this product 
release, but we weren’t pre- 
pared to make any announce- 
ment at Brainshare about the 
actual product itself.” 
Hawkins indicated that 


| Novell will use the launch of 


NetWare 6.5 this summer to 
push the new Linux offering. 
“There probably will be [a 
connection between NetWare 
6.5 and Nterprise Linux Ser- 
vices 1.0] as we look at how 
we get our current customers 


to embrace it,” he said. “Those 
are going to be pricing and de- 
ployment strategies. We’re not 
announcing those right now, 
but you can imagine that those 
are pretty important conversa- 
tions that are happening.” 

John Enck, an analyst 
at Gartner Inc., said users 
that plan to adopt Linux but 
have never considered Net- 
Ware may like Novell’s Linux 
strategy because Novell has 
“stronger directory and file/ 
print services than the open- 
source community provides.” 

Novell last week also an- 
nounced agreements with Dell 
Computer Corp., Hewlett- 
Packard Co. and IBM under 
which the hardware vendors 
will offer Novell’s Linux prod- 
ucts on their servers and col- 
laborate with Novell on Linux 
training and support. 

Jim Stallings, general man- 
ager for Linux at IBM, predict- 
ed that Novell’s move to sup- 
port Linux will put pressure 
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NEW PRODUCT 


Novell 
Nterprise Linux 
Services 1.0 


The software will enter beta- 
testing next month; pricing wasn't 
disclosed. Services include: 


= Novell eDirectory and DirXML 
= Novell iFolder 

® Novell iPrint 

* Novell iManager 

= NetMail a 

= ZENworks for Servers 

® Virtual Office via Extend 
Director Standard Edition 


on companies like Microsoft 

Corp. “that have proprietary 

architectures and that charge 
exorbitant fees for them.” D 


Computerworld’s Don Tennant 
contributed to this report. 





Flashline Promises to Cut 
Redundant Development 


‘Super-registries’ in 
Version 4 organize 
software assets 


BY CAROL SLIWA 
Flashline Inc. today will an- 
nounce a new version of its 
3-year-old portal-like flagship 
product that’s designed to 
help companies manage and 
reuse software assets they 
built using Web services, Java, 
-Net, open-source and model- 
driven development methods. 
Flashline 4 features five pre- 
configured “super-registries,” 
called FlashPacks, to organize 
a company’s software assets, 
said Charles Stack, CEO and 
founder of the Cleveland- 
based company. A FlashPack 
serves as a central hub where 
developers can go to evaluate 
projects their colleagues are 
working on or have completed 
in specific development areas, 
such as Web services, Java or 
Microsoft Corp.’s .Net. 
FlashPacks include XML- 
based schemata to describe 


SOURCE: FLASHLINE INC., CLEVELAND 





the software assets, sample 
metadata, reports that mea- 
sure the usage of the assets 
and extensions to automati- 
cally populate the registry. 
The Flashline Registry Ad- 
vanced Edition introduces a 
graphical navigator to identify 
how software assets are relat- 
ed to particular projects and 
map those relationships be- 
tween the various projects. 
Coupled with new assets- 
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to compute return on investment 
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in-progress capabilities, the 
navigator can help reveal simi- 
lar ongoing development ef- 
forts within or among pro- 
jects, so teams can eliminate 
redundant work. 

To help teams meet their re- 
turn-on-investment goals, 
Flashline is adding more com- 
prehensive metrics to allow 
developers to see actual sav- 
ings from every group that 
used a particular component, 
model or pattern, as opposed 
to merely showing the savings 
achieved by the group that 
created the component. 

Other new features include 
finer-grained role-based secu- 
rity down to the asset level 
and support for clustering in 
IBM’s WebSphere and BEA 
Systems Inc.’s WebLogic ap- 
plication servers. 

Dale Hite, chief technology 
officer in the software archi- 
tecture group at Fidelity Na- 
tional Financial Inc. (FNF) in 
Jacksonville, Fla., said he’s par- 
ticularly interested in Flashline 
4’s new ROI calculation capa- 
bilities and project hierarchy 
management enhancements, 
so that the relationships of 
components to projects and 
products can be inherited from 





one project to the next. About 
250 of FNF’s geographically 
dispersed developers use 
Flashline, which runs on a Lin- 
ux-based WebLogic server, to 
collaborate on component- 
based projects, Hite said. 

Rich King, a software engi- 
neer at Diebold Inc. in North 
Canton, Ohio, said his com- 
pany began using Flashline 
about a year ago as part of 
a push toward component- 
based development of auto- 
mated teller machine software 
using Microsoft’s .Net tools. 

“We wanted to be able to 
create custom applications 
in as short a time as possible 
with the highest quality possi- 
ble,” he said. 

John Rymer, an analyst at 
Cambridge, Mass.-based For- 
rester Research Inc., said 
Flashline is pushing beyond 
mere storage, categorization, 
security and check-in/check- 
out capabilities in Version 4. 

“They’re providing some 
utilities that will help in main- 
taining, evolving and ultimate- 
ly promoting much greater 
reuse of assets,” he said. 

Flashline 4 will be available 
at the end of July; pricing 
starts at $70,000 for 75 users. D 
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NEWS 


More Vendors Rolling Out 
Sarbanes-Oxley Software 


New tools are focused on automating 


checks of financial controls by users 


BY THOMAS HOFFMAN 
PENPAGES INC. this 
week will become 
the latest vendor te 
offer software that’s 

designed to help companies 

meet the financial documenta- 
tion and reporting require- 
ments of the Sarbanes-Oxley 

Act of 2002. 

And like many other prod- 
ucts that have been an- 
nounced recently, the Web- 
based software suite devel- 
oped by Westford, Mass.- 
based OpenPages specifically 
addresses Section 404 of the 
law. That section requires 
publicly held companies to 
conduct annual evaluations of 
their financial reporting con- 
trols and procedures. 

Vendors such as Oracle 
Corp. and Redmond, Wash.- 
based Concur Technologies 
Inc. have also detailed Section 
404 compliance tool kits 
[QuickLink 38820]. 

In addition, Protiviti Inc., a 
Menlo Park, Calif.-based firm 
that offers internal auditing 
and business-risk consulting 
services, last week introduced 
a Web-based repository for 
organizing and documenting 
Section 404 compliance plans. 

OpenPages said its Sarbanes- 
Oxley Express 404 software is 
based on J2EE technology and 
runs on top of application 
servers from Oracle and San 
Jose-based BEA Systems Inc. 
The software is priced be- 
tween $25,000 and $65,000, 
depending on the number of 
end users. 


Many Units, One Database 
Volt Information Sciences 
Inc., a New York-based pro- 
vider of temporary staffing 
and IT services that has annu- 
al revenue of more than $2 bil- 
lion, plans to finish installing 
the OpenPages software on a 





Windows 2000 server this 
week. 

James J. Groberg, Volt’s 
chief financial officer, said the 
company operates 12 business 
units, each of which has its 
own accounting and profit- 


| and-loss (P&L) responsibili- 


ties. For financial! reporting 
purposes, “you have to treat 


| each one differently,” he not- 


ed. But Volt is looking to de- 
velop a database that links the 
disparate accounting data un- 
der a single structured format. 
After evaluating a handful 
of products, Volt in May set- 


| tled on the one developed by 


OpenPages. Groberg said it 
helped that OpenPages was 
willing to make enhancements 
based on Volt’s suggestions, 
including the creation of a 





master content chart of bal- 
ance-sheet and P&L accounts. 

But even though Sarbanes- 
Oxley compliance tools are 
becoming available from more 
vendors, many CIOs and other 
executives are still having a 
hard time comprehending the 
act’s requirements. Sarbanes- 
Oxley, which was signed into 
law last summer, includes 
more than 90 sections and 
300 discrete points of law. 


Seeking Clarity 

The mandates of Sarbanes- 
Oxley “aren’t very clear,” said 
Louis Boyle, a Meta Group 
Inc. analyst based in Hilton 
Head, S.C. “CIOs have been 
asking us, ‘What is it? What do 


| we need to do? How do we 


prepare for it?’” 

The USS. Securities and Ex- 
change Commission, the Pub- 
lic Company Accounting 
Oversight Board and other 





regulators haven't specified 
what kind of information 
they’re looking for from com- 
panies, said Groberg. “You're 
almost working in the dark in 
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terms of what you’re going to 
have to provide,” he said. 

Protiviti said its SarbOx 
Portal software is designed to 
provide users with a process- 
based approach to document- 
ing and evaluating their finan- 
cial reporting controls. 

The software is being of- 
fered only to Protiviti’s con- 
sulting clients, and a company 
spokesman said pricing “is 
being kept confidential.” D 


How would you characterize your company’s 
understanding of the Sarbanes-Oxley Act? 


We feel confident 
we have a grasp of 
it, but we have 
more work to do 
—____—_-6 


We have a 
minimal under- 
standing and 
need help. 


We're just 
now getting 
. our bearings. 


Excellent; we 
have a really strong 
grasp of the law. 


BASE: An online poll of corporate executives who took part in a June 26 webcast 
sponsored by Business Finance magazine; a toial of 292 responses were received. 


Intel Hopes Madison Will Boost Itanium Use 


BY TOM KRAZIT AND 
ROBERT MCMILLAN 
If the third time really is the 
charm, then Intel Corp. and its 
hardware partners are set to 
reap the benefits of Madison, 
the third generation of the 64- 
bit Itanium processor family, 
being announced today. 
Momentum is finally build- 
ing behind Itanium as it 
evolves from a low-volume 
product to one that, with the 
introduction of Madison, will 
be more attractive to users, 
said Dean McCarron, princi- 
pal analyst at Mercury Re- 


| search in Cave Creek, Ariz. 


Dell Computer Corp. last 
week released details about its 
new Itanium server, the Madi- 
son-based PowerEdge 3250, 
which is the company’s first 
Itanium server since the 
launch of the inaugural Itani- 
um chip. Dell skipped the sec- 
ond generation of Itanium, 





known as McKinley. 

Dell decided to use Itanium 
again because Madison deliv- 
ers a superior level of perfor- 
mance over the McKinley chip 
for the same price, said Darrel 
Ward, a Dell product manager. 
The PowerEdge 3250 is a dual- 
processor server that users 
can cluster in up to 128 nodes, 
Ward said. Its pricing and 
availability will be announced 
later this year. 

Hewlett-Packard Co., IBM, 
Unisys Corp. and others are 
expected to make systems 
with the new processors avail- 
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able during or soon after to- 
day’s launch. 

Itanium systems haven’t ap- 
peared in many server rooms 
because of the lack of enthusi- 
asm for Intel’s EPIC (explicitly 
parallel instruction comput- 
ing) instruction set, intro- 
duced with the first Itanium 
chip in May 2001. 

Many companies use 32-bit 
x86 server processors such as 
Intel’s Xeon, but some are de- 
ciding that they need to take 
advantage of a 64-bit proc- 
essor’s ability to store more 
data in memory, as well as the 
wider general-purpose regis- 
ters that allow for better per- 
formance. 

But in order to run applica- 
tions on Itanium, users must 
port all of them to the new in- 
struction set, which can be a 
time-consuming process. 

Madison’s increased perfor- 
mance will be an incentive to 





make that switch, especially 
for users of Microsoft Corp.’s 
SQL Server database, said 
Nathan Brookwood, principal 
analyst at Insight 64 in Sarato- 
ga, Calif. “SQL Server has real- 
ly only existed on the 32-bit 
Intel Xeons, and databases are 
the horizontal application that 
benefit the most from 64-bit 
architectures,” said Brook- 
wood. “Anybody who is using 
SQL Server on Xeon and run- 
ning out of gas is going to love 
this processor.” 

Advanced Micro Devices 
Inc. also offers an alternative 
for users contemplating a 64- 
bit architecture. The Opteron 
processor, launched in April, 
uses 64-bit extensions to the 
x86 instruction set to let com- 
panies keep some of their ap- 
plications running at 32 bits 


while they port the applica- 


tions that a 64-bit architecture 
will benefit the most. D 


Krazit and McMillan write for 
the IDG News Service. 
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Microsoft Blends 
Business Units . . . 


Microsoft Corp. said it has com- 
bined its Windows server, stor- 
age software and developer out- 
reach organizations into a single 
unit. Eric Rudder, a senior vice 
president who had been in 
charge of the developer opera- 
tion, will head the merged unit. 
The company also named Peter 
Cullen chief privacy strategist, 
effective July 14. Cullen is now 
corporate privacy officer at Roy- 
al Bank of Canada in Toronto. 


_.. And Warns of 
Windows Flaws 


Microsoft warned of two newly 
discovered security vulnerabili- 
ties, including one that involves 
the Windows Media Services fea- 
ture in server versions of Win- 
dows 2000. Microsoft gave the 
flaw an “important” severity rat- 
ing and said attackers could use 
it to run malicious code on un- 
protected systems. The other 
hole is in Microsoft's Windows 
Media Player 9 Series software. 


SAP, Oracle to > 
Resell Adapters 


Information Builders Inc.’s iWay 
Software Inc. unit in New York 
said SAP AG plans to resell a 
software adapter that connects 
SAP’s NetWeaver integration 
technology to the UCCnet prod- 
uct data synchronization hub. 
Meanwhile, Attunity Ltd. in 
Wakefield, Mass., said Oracle 
Corp. will resell a set of adapters 
that link its Oracle9i Application 
Server software to mainframes. 


Short Takes 


GEAC COMPUTER CORP. in Mark- 
ham, Ontario, said it has agreed 
to buy COMSHARE INC., a devel- 
oper of corporate planning and 
budgeting software in Ann Arbor, 
Mich., for $52 million (U.S.) in 
cash... . ADVANCED MICRO 
DEVICES INC. said it will report 
lower-than-expected sales for 
the second quarter. 
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NY. Hospitals Part 
Ways on II; lap IBM 


Outsourcing deals 
to separate systems, 
tech strategies 


BY BOB BREWIN AND 
JUAN CARLOS PEREZ 
BM last week announced 
that it has signed con- 
tracts to manage the core 
computing systems of 
three New York hospitals, 
which are using the deals to 
dismantle a shared IT unit so 
each facility can set its own 
technology direction. 

The agreements with Mount 
Sinai Hospital, New York Uni- 
versity Medical Center and 
NYU Downtown Hospital go 
into effect this week and have a 
combined value of $380 million 
over the next 10 years, IBM 
said. Together, they represent 
the largest hospital IT out- 
sourcing deal the company has 
won thus far. 

The three hospitals began 
consolidating their IT depart- 
ments in 1998, when they were 
combined under a nonprofit 
holding company called Mount 
Sinai NYU Health. They now 
share a data center at a Mount 
Sinai building in Manhattan. 

During the next 18 months, 
IBM will transfer applications 
from that data center to redun- 
dant facilities it owns on Staten 
Island and in Rochester, N.Y. 
Dave Liederbach, vice presi- 
dent of IBM’s health care in- 
dustry unit, said the company 
will host all of the clinical and 
business applications for the 
three hospitals and provide 
disaster recovery and business 
continuity capabilities. “We're 
basically facilitating a restruc- 
turing and separation of their 
IT infrastructure,” he said. 

Richard Donoghue, senior 
vice president of strategy and 
business development at NYU 
Medical Center, said the IT re- 
quirements of the three hospi- 
tals have started to diverge. 
“The demands placed on the 
IT department by the hospitals 





were pulling the IT leadership 
in different directions and cre- 
ating problems,” he said. 

For example, Donoghue 
said, NYU Medical Center 
wants to carry out an IT devel- 
opment plan at its own pace 
and according to its own prior- 
ities, without having to coordi- 
nate projects with Mount Sinai 
Hospital. Each hospital also 
wants to set an independent 
strategy for meeting the priva- 
cy requirements of the Health 
Insurance Portability and Ac- 
countability Act, he added. 

The hospitals expect IBM to 
split the IT infrastructure into 
three entities by mid-2005, ac- 
cording to Donoghue. About 
340 of the 500 staffers in the 
shared IT department will be 
shifted to IBM, he said. Other 
workers will be assigned to 
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the individual hospitals, partly 
to help manage their outsourc- 
ing relationships with IBM. 

Liederbach said he doesn’t 
know how many applications 
IBM will host and support in 
total, but he noted that it 
could “run into the hundreds.” 

Although the outsourcing 
contracts are separate, they 
share one important element: 
the creation of improved dis- 
aster recovery capabilities. 
The move to set up redundant 
data centers is designed to en- 
sure continuity of IT opera- 
tions in the event of a natural 
disaster or an incident like the 
Sept. 1] terrorist attacks. 

The attacks in 2001 de- 
stroyed NYU Medical Center’s 
data center, which was near 
the World Trade Center com- 
plex. It took the hospital three 
days to restore its critical sys- 
tems, whereas the contract 
with IBM stipulates that appli 
cations must be back in opera- 
tion within 12 hours. D 
Perez writes for the IDG 
News Service. 





Siemens Rollout Encrypts 
Medical E-mail Messages 


‘Tool will help ensure 
HIPAA compliance 


BY BOB BREWIN 
Siemens AG’s health care tech- 
nology unit today plans to in- 
troduce a secure messaging 
system designed to ensure that 


electronic communications be- 


tween patients and their doc- 
tors and between physicians 
and hospitals comply with 
data privacy laws. 

Sue Merk, director 
of community innova- 
tions at Erlangen, Germany- 
based Siemens Medical Solu- 
tions, said the new system 
supports the Advanced En- 
cryption Standard and is built 
around technology from Sigaba 
Corp., a subsidiary of Secure 
Data In Motion Inc. in San 
Mateo, Calif. 

The software can scale from 
small medical practices to the 
largest hospitals, Merk said. It 





| also be beefed up to require 


uses a rules-based engine to 
check e-mail and instant mes- 
sages for any personally iden- 
tifiable information about 
patients, in keeping with the 
requirements of the Health 
Insurance Portability and 
Accountability Act (HIPAA). 
Messages that have such 
data are then encrypted. End 
users can access encrypted 
e-mail by typing in a user 
name and password, which 
activates a Sigaba- 
developed secure key 
server. The system can 


the use of biometric identifiers 
such as thumbprints, Merk said. 
Alegent Health, an Omaha- 
based nonprofit health care 
company that operates eight 
hospitals and 100 medical clin- 
ics, has signed on to use the 
new messaging system. Ken 
Lawonn, vice president of IT 
at Alegent, said the company 
views e-mail as an effective 





way to do business but also 
needs to ensure that it com- 
plies with HIPAA. 

Alegent has 5,000 e-mail 
accounts, and Lawonn said it 
plans to run all external mes- 
sages through the Siemens 
software. He added that he’s 
also looking to use the system 
to support direct forms of 
communication, including 
e-mail billing and sending 
medical records to patients. 

Alegent installed a small 
HP/Compag server to run the 
software and paid an upfront 
fee of about $14,000. Siemens 
will bill Alegent on a per- 
message basis under an appli- 
cation service provider con- 
tract, Merk said. Doctors who 
practice at Alegent facilities 
pay $10 per month for unlimit- 
ed access to the messaging sys- 
tem via a PC plug-in. 

Lawonn said Alegent em- 
ployees would have to send 
more than | million messages 
each year — a total that isn’t 
realistically possible now — 
before the company would 
need to consider buying the 
Siemens software outright. D 
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Continued from page 1 


week that Version 1.2 of SOAP 


— a key foundation-level tech- | 


nology for companies building 
Web services — has achieved 
“recommendation” status. 

Recommendation status 
means SOAP 1.2, a set of rules 
for exchanging structured in- 
formation among systems or 
organizations, is a fully vetted 
standard that has gone through 
a rigorous public-review proc- 
ess and substantive interoper- 
ability testing. 

By contrast, SOAP 1.1 was a 
de facto standard that was nev- 
er vetted by the W3C or any 
other standards body, said Don 
Deutsch, vice president of stan- 
dards strategy and architecture 
at Oracle Corp. and a member 
of the W3C Advisory Board. 

The W3C’s XML Protocol 
Working Group, which was re- 
sponsible for SOAP 1.2, identi- 


| fied and resolved more than 


400 technical and editorial is- 


| sues raised about the prior 


version. The group later 
tracked seven SOAP 1.2 imple- 
mentations from various W3C 
member organizations and in- 
dependent developers to en- 
sure their interoperability. 
SOAP 1.2 provides a more 
precise description of the 
processing model and removes 
ambiguities that sometimes 
led to interoperability prob- 
lems for those trying to imple- 


| ment Version 1.1, said David 


Fallside, chairman of the 
W3C’s XML Protocol Working 
Group and a senior technical 
staff member at IBM. 

“By providing the process- 
ing model in greater detail and 
expanding the scope of cases 
that it covers, you significantly 
reduce the chances that two 


| different people sent off to im- 


plement the specification 
would come up with imple- 
mentations that are not inter- 
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= Clarifies processing model 


a Provides better integration 
with XML standards 


au Is protocol-independent 

a Allows performance opti- 
mization, because it's 
based on XML Infoset 


operable,” Fallside said. 

But it’s unclear when ven- 
dors will adopt SOAP 1.2. 
Deutsch said Oracle is com- 
mitted to supporting the stan- 
dard, but he couldn’t say when 
that will happen because “to 
do anything meaningful” with 
SOAP, most tool kits depend 
on another standard, the Web 
Services Description Lan- 
guage (WSDL). The W3C is 
still working on WSDL 1.2. 
Deutsch said it will take 
“some time” for vendors to 
fully support all the features 
of SOAP 1.2, so during the 


transition period, SOAP 1.1 
will co-exist with SOAP 1.2. 
Jason Bloomberg, an analyst 
at ZapThink LLC in Waltham, 
Mass., said he thinks it will 
take a year or two for SOAP 
1.2 to work its way into prod- 


| ucts. In the meantime, “ven- 


dors and end users are going 
to be annoyed at times at the 
fact thai there are two [ver- 
sions of SOAP],” he said. But 
he added that work is ongoing 
in the Web Services Interoper- 
ability (WS-D Organization to 
create profiles on how to use 
standards such as SOAP. 

Users will have to wait for 
SOAP 1.2’s improvements, 
such as protocol-agnosticism. 
SOAP 1.1 confined users to 
sending messages over HTTP, 
but with 1.2, they will be able 
to choose other protocols, 
such as SMTP, TCP/IP, BEEP 
(the Blocks Extensible Ex- 
change Protocol) and IBM’s 
MQSeries, Fallside said. 

“We expect a lot of people 





Continued from page 1 


is the dominant trend in the 
IT services industry, with 42% 
of the application manage- 
ment contracts now having 
some offshore component. A 
big reason is cost. 

Bob Walters, IT director at 
supply chain system provider 
Intermec Technologies Corp. 
in Everett, Wash., surveyed de- 
velopment costs recently at an | 
SAP AG user conference. He 
determined that U.S. compa- 
nies are charging $80 to $120 
per hour for programming 
work, while the fee for off- 
shore providers is about $40. 

When you can pay a third 
of the price, offshore is “some- 
thing that has to be consid- 
ered,” said Walters. 

As offshore business grows, 
so does competition for it. Pi- 
oneering India-based offshore 
companies, such as Tata Sons 
Ltd., are facing increasing 
competition from the large 
U.S. IT consulting firms. Ac- 
centure CEO Joe W. Forehand, 
who spoke at the Gartner con- 
ference, compared the trend to 





the previous exodus from the 


U.S. of many manufacturing 
operations. “The way we look 
at it, the industrialization of 
IT is a reality, and we have to 
embrace that,” he said. 
Competition is also becom- 
ing more global. In the vendor 
exhibit hall, Bamboo Networks 
Ltd.’s mere presence raised 
eyebrows. Some rivals said it 
was the first China-based out- 


| sourcer to set up a booth at a 


U.S. outsourcing conference. 
China is considered some- 





thing of a sleeping giant in the 
offshore world that isn’t quite 
ready to compete with India. 
China “represents the next 
wave” in offshore outsourcing, 
said Traci Gere, an IDC analyst. 
Rajesh Rao, chief operating 
officer at Hong Kong-based 
Bamboo, which operates an 
offshore development center 
in Guangzhou, China, said the 
company believes it has devel- 
oped its offshore processes 
sufficiently to compete for 





U.S. customers. 

One user of offshore ser- 
vices, Sudhir Agarwal, senior 
manager of architecture and 
services at Verizon Communi- 
cations in New York, said In- 
dia’s talent pool, its populace’s 
proficiency with English and 
the country’s U.S. connections 
will ensure India a dominant 
role for years to come. But 
China’s emergence “is good 
for companies in the U.S.,” 
Agarwal added. B 


Business Process Outsourcing Gains Momentum 


LOS ANGELES 

According to Gartner Inc., busi- 
ness process outsourcing (BPO) 
is on the rise, with outsourcing 
of the human‘resources compo- 
nent expected to grow the 
fastest. Approximately 85% of 
U.S. companies will outsource 
one or more human resources 
functions in the near future, with 
payroll processing often being 
the first step. 

Key to any successful out- 
sourcing relationship is the abili- 
ty to measure the cost of provid- 
ing existing services, said Gart- 


ner analyst Rob Brown. 

Another hot BPO area is in- 
surance. Liberty Insurance Ser- 
vices Corp., a subsidiary of 
Toronto-based Royal Bank of 
Canada, is one provider. 

Its insurance BPO work can 
involve a combination of off- 
shore and onshore development, 
said Ted Coia, vice president of 
the Greenville, S.C.-based sub- 
sidiary. But customer data stays 
in the U.S. An offshore center 
may see a policy image that re- 
quires data entry, but that's the 
extent of the interaction. Regula- 


tors don't like insurance data to 
go offshore, he said. 

Insurance BPO covers a 
range or services, including 
transaction and claims process- 
ing, any kind of data entry, un- 
derwriting and policy administra- 
tion. Gartner expects the insur- 
ance BPO market to increase 
from $6.8 billion this year to 
$8.9 billion by 2005. 

Human resources outsourcing 
services are expected to reach 
$46 billion this year and $51 bil- 
lion next year, Gartner said. 

~ Patrick Thibodeau 
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will flow XML messages over 
HTTP, so there is an HTTP 
binding for SOAP. But you 
don’t have to use it,” he said. 

Bloomberg said HTTP was 
never designed for system- 
to-system communications. 
“HTTP was really designed 
for hypertext. HTTP is syn- 
chronous, and it’s not secure. 
It’s not reliable,” he said. “So 
it’s definitely good to support 
other protocols for different 
uses, whether it’s message 
queuing protocols or asyn- 
chronous messaging protocols 
of other kinds.” 


Division of Labor 

The W3C group working on 
SOAP 1.2 split the specifica- 
tion into two parts — essential 
SOAP (which includes the 
processing model, the extensi- 
bility framework and the mes- 
sage construct), and optional 
elements, such as the rules for 
representing a remote proce- 
dure call (RPC), encoding 
SOAP and describing an 
HTTP binding. Fallside said 
the separation breaks the old 
perception that SOAP is mere- 
ly RPC over HTTP. 

Another key change in 
SOAP 1.2 is that it’s based on 
the XML Information Set, 
which provides a way of de- 
scribing the information con- 
veyed in an XML document. 
By contrast, pointy brackets 
were paramount with SOAP 
1.1, which was based on XML 
1.0 serialization, Deutsch said. 

“The upshot is more flexi- 
bility in the representation of 
messages, so you can tailor or 
customize for your applica- 
tion/business requirements,” 
he said. 

Fallside said this will be 
helpful for companies that 
need to send more compact 
messages between applica- 
tions via an extremely low- 
bandwidth connection. He 
said he expects that most 
companies will still use XML 
representations, since that will 
allow them to use off-the-shelf 
tools and applications. D 


BASIC PROFILE 


The WS-I Organization will consider incorpo- 
rating SOAP 1.2 into its Basic Profile: 


QuickLink 39523 
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Sun Exec Opposed to 
Open-Source Java 


Schwartz: Current 
process produces 
uniform standard 


BY CAROL SLIWA 
SAN FRANCISCO 

Jonathan Schwartz, executive 
vice president of software at 
Sun Microsystems Inc., spoke 
with Computerworld at the 
company’s recent JavaOne con- 
ference here about the possibil 
ity of Java becoming an open- 
source technology and other 
issues. Excerpts follow: 


Should Java be made fully open- 
source? The problem with 
open-source is that [victory] 
goes to volume, and that’s evi- 





dent in the Linux community 
today where ISVs [independent 
software vendors] are qualify- 
ing to Red Hat and abandoning 
everyone else. Why? Because 
Red Hat has volume. 

If Java were open-source, 
Microsoft could take it, deliver 
it as they saw fit and drive 
a definition of Java that was 
divergent from the one 
that the [wider] com- 
munity wanted to be 
compatible [with]. And 
to the victor would go 
the spoils of that nefari- 
ous action. 

To the extraordinary 
credit of the Java Com- 
munity Process [JCP], 
we have a uniform, 
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compatible standard that now 
spans hundreds of millions of 
devices. You have to really be 
careful in understanding the 
distinction between open- 
source and open standards. 


An IBM executive once told me 
those two terms mean the same 
thing. IBM is dead wrong, and 
I also think that IBM is some- 
what duplicitously straddling 
that gap for its own benefit, 
exploiting the open-source 
community on the one hand 
and then on the other 
hand trying to derive a 
proprietary advantage 
from its implementa- 
tions of open-source 
products. 


Did IBM talk to you before 
including its proprietary 
graphical user interface 
technology, the Standard 


| Widget Toolkit (SWT), in its open- 
source Eclipse platform? No. 
And I think what they’ve done 
with SWT violates really what 
you would want to do with the 
Java platform. No one wants 
“write once, run on this oper- 
ating system.” IBM has a lot of 
weight, and they don’t like the 
JCP, I think in part because 
they can’t throw their weight 
around. They are just one 
voice of many. 


Sun gave all of the keynotes at 
JavaOne. Why did other key Java 
vendors have such a small pres- 
ence? You'll notice that no- 
body from Sun got up and 
really talked about Sun prod- 
ucts. We talked about the 
health of the [Java] community 
as probably the company that 
has the single biggest vested 
interest in its success. I think 
that the folks who came to 
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JavaOne wanted that. 


Some attendees noted IBM's near 
absence. I think it’s an obvious 
absence. Microsoft wasn’t 
here, either. 


No one would have expected 
Microsoft. Now that we've set- 
tled the Java issue with re- 
spect to distribution, that’s no 
longer an issue for Microsoft 
to manage explicitly. Who 
knows? Maybe we’ve got some 
partnering opportunities with 
Microsoft. We do have a com- 


| mon competitor in the form of 


IBM. ... If they would abide 
by the contract, we would love 
to work with them. DB 


To read more of Schwartz's thoughts about 
Java, go to our Web site: 


QuickLink 39294 
www.computerworld.com 
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OPINION 


MARYFRAN JOHNSON 


eating the Odds 


T A TIME WHEN GOOD NEWS about 

IT is as unexpected as a winning lot- 

tery ticket, our story about Hilton Ho- 

tels’ daredevil infrastructure upgrade 

is quite a standout (see story, page 25). 
It makes for especially welcome reading in the 


wake of the latest re- 
search decrying the drea- 
ry state of successful IT 
project completions. 

In a survey of some 
2,000 companies (more 
than 800 of them in the 
Fortune 1,000), The 
Hackett Group in Atlanta 
found that unless a com- 
pany is among the top 
25% of technology users, 
three in 10 IT projects fail 
on average, and that less 
than 40% of IT managers have any 
faith that their departments can re- 
act quickly enough to changing 
business goals. On top of this, less 
than half of companies even bother 
to validate an IT project’s business 
value after it has been completed 
(QuickLink 39300]. 

How many of these depressing 
studies and statistics have you read 
in recent years? Yeah, I’ve lost count 
too. The problem with them is how 
little they contribute to actually solv- 
ing any of the real-world problems 
associated with complex IT projects. 

That’s what I found so riveting in 
reporter Gary H. Anthes’ account of 
Hilton’s megaoverhaul of its Unix 
client/server system. It’s an honest, 
warts-and-all look inside a massive 
infrastructure upgrade — one that’s 
been slogging away during the most 
prolonged downturn in IT history. 
Your company may not be the 
world-famous Hilton chain, but the 
problems encountered and solved 
by its IT group will still resonate 
with familiarity. 

“We had every platform and oper- 
ating system under the sun,” says 
Damien Bean, Hilton’s vice presi- 
dent of corporate systems. He also 





had 1,500 users standing 
by as potential front-line 
critics as the IT depart- 
ment gambled on a mi- 
gration to PeopleSoft 8, 
Microsoft Windows 
2000 Server and SQL 
Server 2000 running on 
Dell servers. 

It was a move fraught 
with risk because none 
of those vendors had 
ever played together on 
a field as large as the one 

Hilton provides. “We were doing en- 


gineering that no one had ever done 
before,” Bean noted. He took advan- | 


tage of that — as the biggest cus- 
tomers can — by pushing the ven- 
dor trio to prove themselves. Mi- 
crosoft, Dell and PeopleSoft each 
had to pony up the people, the ex- 
pert support and the resources nec- 
essary to make this unproven three- 
tier Web architecture work. 

Still, it didn’t all go perfectly. 





That’s the nature of IT projects. 

The biggest technology snafu hit 
on the first day of switching over to 
the new payroll system, but that 
high level of vendor attention paid 
off. The latest unpleasant surprise 
has more to do with industry poli- 
tics and finance than technology: 
the looming threat of an Oracle 
takeover of PeopleSoft. 

“What I have told everybody here 
at Hilton — and I’ve been getting a 
lot of calls from other big cus- 
tomers, too — is don’t do anything 
yet,” Bean told us last week. “Any 
decision you make now is going to 
be lousy, because there’s not any 
good information.” But he’s confi- 
dent that whatever happens can be 
handled. 

That’s the nature of IT leadership. 

As the project heads into its final 
phase, the savings are already in the 
millions, and Hilton’s controller is 
enjoying his newfound ability to 
close the books in roughly half the 
time he once did. 

IT projects will always be targets 
of criticism. They'll always be a 
gamble because they involve such a 
volatile mix of people, technology, 
business and politics. But done 
right, as at Hilton, they can be better 
than a winning lottery ticket. D 
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Call Centers 
Grow Up 


OMPANIES should turn 

their call centers into 

IT-equipped intelli- 
gence operations designed to 
provide e-learning, customer 


analysis and threat detection. 

Best Buy, Starwood Hotels and Con- 
tinental Airlines are doing just that, as 
if to disprove the notion that IT is his- 
tory. They’re using an intelligent soft- 
ware suite from Roswell, Ga.-based 
Witness Systems Inc. to randomly 
record both voice and data communi- 
cations in order to improve customer 
service and the bottom line. 

For example, Continental’s four do- 
mestic reservation centers, which han- 
dle about 60 million calls annually, use 
IT for more than just measuring call 
levels. The airline takes the technolo- 
gy to greater heights, integrating the 
call review process 
with IT operations 
and business goals 
and letting manage- 
ment at company 
headquarters in 
Houston keep an eye 
on things. 

This enables IT 
staffers to trouble- 
shoot bugs and prob- 
lems with the Web 
site in real time, 
thanks to electronic 
buckets in which reservation agents 
(there are nearly 5,000) place cus- 
tomer reports. Since the IT depart- 
ment can see the actual keystrokes 
that led to any problems, fixes are 
made more quickly. And those fixes 
are also less expensive to execute, be- 
cause IT personnel don’t have to fly to 
a reservation center in the hope of 
seeing a recurring glitch. 

The system also helps agents group 
problems, questions and concerns ac- 
cording to criteria the airline per- 
ceives as important. 

The system records up to 10 random 
calls per agent per month, but it also 
lets each agent flag calls for examina- 
tion by a supervisor. For example, an 
agent who has trouble closing sales 
can select calls for review by a manag- 
er, who can then help him improve his 
performance. 

And in Houston, managers can log 
onto the Windows NT system from 
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The Top 10 Critical Challenges 
for Business Intelligence Success 


More than half of all BI projects fail — 
make sure yours isn’t one of them 


et’s start with the bad news: More than 


half of all Business Intelligence projects are 


either never completed or fail to deliver the 


features and benefits that are optimistical 


ly agreed on at their outset. While there 


are many reasons for this high failure rate, the biggest is 


that companies treat BI projects as just another IT proj 


ect. Face it: Business Intelligence, or BI, is neither a prod 


uct nor a system. It is, rather, a constantly evolving strat 


egy, vision and architecture that continuous! 


seeks to 


align an organization's operations and direction with its 


strategic business goals. 


With BI, business success is real 
ized through rapid, easy access to 
actionable information. This access 
in turn, is best achieved through 
timely and accu 
rate insight into 


business condi 


tomers, finances 
and markets 
Complex stuff, but worthwhile 
Successful BI brings greater prof 
itability, the true indicator of busi 


ness success And success IS never an 


accident; companies ach 
they do the following 

@ Make better decisions with 
greater speed and confidence 

@ Streamline operations 

@ Shorten their product develop 
ment cycles 

@ Maximize value from existing 
product lines and anticipate new 
opportunities 

@ Create better, more focused 
marketing as well as improved rela 
tionships with customers and suppli 


ers alike 
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Organizations must understand 


and address these 10 critical chal 


lenges for BI success. BI projects fail 
1 
because of 

|. Failure to recognize BI projects 
as cross-organizational business ini 
tiatives, and to understand that as 


such they differ from typical stand 


uone solutions 
Unengaged business sponsors 
(or sponsors who enjoy little or no 
authority in the enterprise) 
3. Unavailable or unwilling busi 
ness representatives 
4. Lack of skilled and available 
staff, or sub-optimal staff utilization 
5. No software release concept 
(no iterative development method) 
6. No work breakdown structure 
(no methodology) 
No business analysis or stan 
ation activities 
8. No appreciation of the impact 
of dirty data on business profitability 
9. No understanding of the neces 
sity for and the use of meta-data 
10. Too much reliance on disparate 
methods and tools (the dreaded silver 
bullet syndrome) 
In this white paper, we examine 


each of these challenges 





1. Cross-Organizational 
Collaboration 


Traditionally, any business initia 
tive, including a decision-support 
project, was focused on a specific ul 
that was limited to a set of products 
or an area of the business. Due to this 
narrow focus, organizations were 
unable to analyze the project’s impact 
on business operations as a whole. As 
organizations became more cus 
tomer-focused, these initiatives 
began to integrate customer informa 
tion with product information 

It is critical to realize that cus 
tomers and markets, not manufactur 
ing plants and product managers, 
must drive the business. It is also 
optimal to correct any customer 
problems before the customer real 
izes the problem existed. Enterprises 
have a better chance to achieve high 


Figure 1 





Customers and markets, 
not manufacturing plants 
and product managers, 
must drive the business. 


customer loyalty if customers can pay 
when their problem is solved — not 
when the product is shipped 
Initially, the integration occurred in 
regional or departmental databases, 
with no cross-regional collaboration 

Enterprise data warehouses were 
the next step in the evolution toward 
cross-organizational integration of 
information for decision-support 
purposes such as sales reporting, key 
performance indicators (KPIs) and 
trends analysis. Customer relation 


ship management (CRM) followed, 


Increasing Decision-Support Value 


n-Support Value 


Pussy 
Tails 


TTS Clits 


Management 
Data 


bringing the promise of increased 
sales and profitability through per 
sonalization and customization 

BL is th xt step in achieving the 
holistic cross-organizational view 
(Figure 1). It has the potential to 
deliver enormous payback, but 
demands unprecedented collabora 
tion. Where BI is concerned, collabo 
ration is not limited to departments 
within the organization; it requires 
integration of knowledge about cus 
tomers, competition, market condi 
tions, vendors, partners, products and 
employees at all levels 

To succeed at BI, an enterprise 
must nurture a cross-organizational 
collaborative culture in which eve 
one grasps and works toward the 


strategic vision. 


2. Business Sponsors 
Strong business sponsors truly 
believe in the value of the BI project 
They champion it by removing politi 
cal roadblocks. Without a supportive 
and committed business sponsor, a BI 
project struggles for support within 
an organization — and usually fails. 
Business sponsors establish prop 
ctives for the BI application, 
ensuring that they support the strate 
gic vision. Sponsors also approve the 
business-case assessment and help 


set the project scope. If the scope is 





Teles ete i too large, sponsors prioritize the 


Reema c urs deliverables. 
ae Specifically for BI projects, busi 


Relative Deci 


etch 


eit ness sponsors should also launch a 


sie ieur ly 


Dau Ca data-quality campaign in affected 


departments. This task goes to busi 


~2000 ~2005 ness sponsors because it’s business 


~1965 ~1975 ~1985 ~1995 


users who truly understand the data. 


SOURCE: “Business intelligence Roadmap - The Complete Project Lifecycle for Decision-Support Applications,” 
By Larissa T. Moss and Shaku Atre. Copyright 2003, Addison-Wesley 
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run a project review session at 
assigned checkpoints to ensure that 
BI application functionality maps 
correctly to strategic business goals, 
and that its return on investment 


(ROT) can be objectively measured 


3. Dedicated Business 

Representation 

More often than not, the primary 
focus of BI projects is technical rather 
than business-oriented. The reason 
for this shortcoming: most BI proj 
ects are run by IT project managers 
with minimal business knowledge 
These managers tend not to involve 
business communities. Therefore, it’s 
not surprising that most projects fail 
to deliver expected business benefits 

It’s important to note that usually 
20% of the key businesspeople use BI 
applications 80% of the time 
Therefore, it’s vital to identify key 
business and technical representa 
tives at the beginning of a BI project 
— and to keep them motivated 
throughout the project. A BI project 
team should have involved stakehold 
ers from the following areas: 

Business executives are the visionar 
ies with the most current organiza 
tional strategies. They should help 
make key project decisions and must 
be solicited for determining the pro 
ject’s direction at various stages 

Customers can help identify the 
final goals of the BI system. After all, 
their acceptance of products or serv 
ice strategies is what matters most. 

Key business partners provide a dif 
ferent view of the customer and 
should be solicited for information at 
the start and on an ongoing basis. 


The Finance department is responsi 
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ble for accounting and can provide 
great insight into an organization's 
efficiencies and improvement areas 

Marketing personnel should be 
involved during all phases of the proj 
ect because typically, they are key 
users of BI applications 

Sales and Customer Support representa 
tives have direct customer contact and 
provide customer perspective during 
a BI project. They must have repre 
sentation on the team 

IT supports the operational sys 
tems and provides awareness about 
the backlog of BI requests from differ 


ent groups. In addition to providing 


It's vital to identify 
key business and 
technical reps at 

the beginning of a Bl 
project — and keep them 
motivated throughout. 


technical expertise, the IT staff in the 
BI project team must analyze and 
present BL-related requests. 
Operations managers and staff make 
tactical business decisions. They pro 
vide the link between strategic and 
operational information, making 
them important during some key 


phases of a BI project 


4. Availability of Skilled Team 
Members 
BI projects differ significantly 
from others because at their outset, 


they tend to lack concrete, well 


defined deliverables. In addition, the 
business and technical skills required 
to implement a BI application are 
quite different than other operational 
online transaction processing (OLTP) 
projects. For example, while opera 
tional projects normally focus on a 
certain area of the business, such as 
enterprise resource planning (ERP), 
CRM or supply chain management 
(SCM), a BI project integrates, ana 
lyzes and delivers information 
derived from almost every area of the 
business as a whole. 

The required technical expertise 
varies as well; typically, for example, a 
database administrator’s focus is effi 
cient retrieval of data using OLTP sys 
tems. By contrast, where BI systems 
are concerned, it’s vitally important 
to focus on data storage in addition to 
data retrieval 

A BI project team lacking BI appli 
cation implementation experience 
will most likely fail to deliver desired 
results in the first iteration. Since 
most BI projects have aggressive time 
lines and short delivery cycles, an 
inexperienced and unskilled team is a 
risk that must be avoided 

Mandatory BI project skills 
include: 

@ BI business analysts who can 
perform cause-and-effect analysis to 
develop business process models for 
evaluating decision alternatives 
These individuals should also be able 
to perform what-if analysis by follow 
ing a proven BI methodology. 

@ A KPI expert experienced in 
creating balanced scorecards. These 
experts must be able to identify the 
KPIs that meet business needs, calcu 


late and report them and monitor per 





formance. They also should iteratively 
re-evaluate KPI effectiveness and 
must integrate these KPIs into the 
balanced scorecard 

@ Balanced scorecard experts to 
continuously develop and fine-tune 
scorecards. Measuring success in a 
dynamic business environment 
requires an effective toolset. With a 
balanced scorecard, an organization's 
vision and strategy can be translated 
into objectives, targets, metrics 
and incentives to meet those objec 
tives and targets 

@ Data warehouse architects 
with experience developing Bl-relat 
ed logical and physical data m« 
including both star schemas and 
OLAP. Ideally, these pec might 
also have experience with such tech 
nologies as statistical tools and data 
mining algorithms 

@ Cube developers and imple 

ters with experience implement 
ing Bl-specific data models, OLAP 
servers and queries. These individuals 
must be able to develop and deploy 

x and intelligent cubes to con 

duct multi-dimensional OLAP analy 
sis for different users 

@ Personalization experts expe 
rienced at developing Web-based 
generic BI applications that can not 
only meet the reporting needs of 
many users, but also provide a per 


sonalized view to each user. 


5. BI Application Development 
Methodology 


To succeed, BI projects must 


adhere to a plan with clearly defined 
methodologies, objectives and mile 
stones. In this respect, they are hardly 


unique. However, unlike other under 
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Unlike other undertakings, 
BI projects aren't limited 
to a set of departmental 


requirements. 
ERAT 


takings, BI projects are not limited to 
a confined set of departmental 
requirements. Rather, their purpose 
is to provide cross-organizational 
applications. Therefore, BI method 
ologies and deliverables differ. 

Like any project, BI starts out by 
answering some basic questions, such 
as: What will be delivered? What are 
the benefits and expected ROI? What 
is the total cost? When will it be 
delivered? Who will do it? The 


answers collectively define the BI 


project as follows: 

Project deliverables map goals to 
strategic business objectives. These 
deliverables should be measurable in 
business terms. For example, “In 
order to increase sales 20%, the sales 
data merged with pipeline data must 
be available to sales teams within 
three days of month's end.” 

Project scope aligns deliverables 
with BI application deployment 
phases and timelines. Unlike tradi 
tional OLTP applications, the number 
of transactions the system will per 
form cannot measure BI project 
scope. Transactions usually represent 
an organization's processes, which in 
turn represent functio Since Bl 
projects are data-intensive, not func 
tion-intensive, their scope must be 
measured by the data they will trans 


form to the target BI databases, and 
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how quickly this data can be avail 
able. This focus on data is necessary 
because almost 80% of the effort in a 
typical BI project is spent on data 
related activities 
ROI for a BI project must be deriv 

able from project deliverables. Project 
sponsors must measure the effective 
ness of delivered BI applications after 
the completion of each phase to 
determine whether the project is 
delivering the promised ROI. If it 


isn’t, improvements must be made 


6. Planning Bl Projects 

Due to the nature of the beast, Bl 
projects tend to hit more unknowns 
than OLTP projects. Why? OLTP 
projects implement the processes of 
an organization, which in turn repre 

the functions. By contrast, BI 
projects are supposed to provide data, 
which will be transformed into infor 
mation, which in turn is transformed 
into action. Therefore, BI project 
planning is not a one-time activity 
but rather iterative process in 
which resources, timelines, scope, 
deliverables and plans are continu 
ously adjusted (Figure 2) 

Although it’s an iterative process, 
the initial project plan must be creat 
ed with as much detail as possible 
(Figure 3). BI project planning activi 
ties include: 

Determining project requirements. As 
part of S activity, existing high 
level data, functionality and infra 

tructure requirements must be 
reviewed and revised to include more 
detail and remove ambiguity 

Determining the condition of source files 
and databases. Before completing the 


project plan, operational data stores 
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must be reviewed to account for any 
issues that may surface during the 
data-analysis phase 

Determining or revising cost estimates 
During this activity, the organization 
performs detailed analysis to deter 
mine purchase and maintenance cost 
estimates for hardware, software, net 
work equipment, business analysts, 
IT staff members, implementation, 
training and consultants 

Determining or revising risk assessment 
Enterprises must perform a detailed 
risk assessment in order to accurately 
determine and rank BI project risks 
(based on severity and the likelihood 


of their occurrenc e) 


SS 
Figure 3 
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Identifying critical SUCCESS factors 
Here an organization determines 
what conditions must exist in order 
for the project to succeed. Factors 
include supportive business sponsors, 
realistic time frames and the availabil 
ity of resources. 

Preparing the project charter. This is a 
detailed memorandum of under 
standing that should be prepared by 
the project team and approved by the 
business sponsor and key business 

presentatives 

Creating a high-level project plan. These 
are detailed breakouts of tasks, 
resources, time lines, task dependen 


cies and resource dependencies 


Project Planning Activities 


SOURCE: “Business Intelligence Roadmap - The Complete Project Lifecycle for Decision-Support Applications,” 


By Larissa T. Moss and Shaku Atre. Copyright 2003, Addison Wesiey 
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mapped on a calendar 

Kicking off the project. On completion 
of the plan, the project is kicked off in 
an orientation session at which all 
team members, business representa 


tives and the BI sponsor are present 


7. Business Analysis and Data 

Standardization 

By now it’s clear that BI projects 
are data-intensive and that “data out” 
is as important as “data in.” It’s crucial 
that the source data be scrutinized 
The age-old saying, “Garbage in, 
garbage out,” still holds true 

In most BI projects, business 
analysis issues are related to source 
data, which is scattered around the 
organization in disparate data stores 
and in a variety of formats. Some of 
the issues include 

Identifying information needs. Most 
business analysts have challenges 
when it comes to identifying business 
issues related to BI application objec 
tives. They must evaluate how 
addressing these issues can help in 
obtaining answers to business ques 
tions such as, “Why is there a 
decrease in sales revenue in the fourth 
quarter on the West Coast?” Once the 
issues are identified, business ana 
lysts can easily determine related data 
requirements, and these require 
ments can in turn help identify data 
sources for the required information 

Data merge and standardization. The 
biggest challenge faced by every BI 
project is its team’s ability to under 
stand the scope, effort and impor 
tance of making the required data 
available for knowledge workers 
That data consists of fragments in 


disparate internal systems and must 
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be merged into a common data ware 
house — not a trivial task. Data 
requirements normally extend 
beyond internal sources, to private 
and external data. Therefore, data 
merge and standardization activities 
must be planned and started at the 


beginning of the BI project 


8. Impact of Dirty Data on 
Business Profitability 


Inaccurate and inconsistent data 
costs enterprises millions. It’s imper 
ative to identify which data is impor 
tant, then find out how clean it is 
Any dirty data must be identified, and 
a data-cleansing plan must be devel 


oped and implemented 


Dirty data must be 
identified and a data- 
cleansing plan must 
then be developed and 
implemented. 


The business objectives of any BI 
project should be tied to financial 
consequences suc h as lost revenue 
and reduced profit. The financial con 
sequences are usually the result of a 
business problem related to inaccura 
cies in reports due to reliance on 
invalid, Inaccurate or inconsistent 
data. However, most BI projects fail to 
tie financial consequences to dirty 
data through monetary expressions 
(such as losing $10 million in quarter 
ly revenue due to the enterprise’s 
inability to up-sell) 


Even the best BI application will 


be worthless if driven by dirty data 
Therefore, it is important for every BI 
project to employ knowledgeable 
business analysts who understand 
the meaning of source data and can 
ensure its quality 

Underestimating the data-cleans 
ing process is one of the biggest rea 
sons for BI failure. Inexperienced Bl 
project managers often base their 
estimates on the number of technical 
data conversions required. Project 
managers also fail to take into 
account the overwhelming number of 
transformations required to enforce 
business data domain rules and busi 
ness data integrity rules 

For some large organizations with 
many old file structures, the ratio of a 
particular data transformation effort 
can be expected to be as high as 85% 
effort in data cleansing and only 15% 
in enforcing technical data conver 
sion rules. Therefore, even if estimates 
appear realistic at the project's outset, 
you must factor in data-cleansing 
efforts. Note that full-time involve 
ment from the right business repre 
sentatives is mandatory for data 


cleansing activity 


9. Importance of Meta-Data 

Clean data is worthless to know] 
edge workers if they do not under 
stand its context. Valid business data, 
unless tied to its meaning, is still 
meaningless. Therefore, it is impera 
tive for all BI applications to con 
sciously create and manage the mean 
ing of each data element. This data 
about data is known as meta-data, 
and its management is an essential 
activity in BI projects 


Meta-data describes an organiza 





tion in terms of its business activities 
and the business objects on which 
they're performed. It helps transform 
business data into information. It is 
imperative for every BI environment 
For example, what is profit? Does 
every businessperson have the same 
understanding of profit? Is there only 
one calculation for profit? If there are 
different interpretations of profit, are 
all interpretations legitimate? If there 
are multiple legitimate versions of 
profit, then multiple data elements 
must be created, each with its own 
unique name, definition, content 
rules and relationships. All this infor 
mation is meta-data 

Meta-data helps businesspeople 
navigate BI target databases and 
helps IT manage BI applications 
There are two types of meta-data 

@ Technical meta-data provides 
information about BI applications 
and databases, and assists IT staff in 
managing these applications 

@ Business meta-data provides 
business users with information on 
data stored in BI applications and 
databases 

Both types are crucial to success 
and should be mapped to each other 


and stored in meta-data repositories 


10. The Silver Bullet Syndrome 


There is neither a single technolo 
gy nora technique that will resolve all 
the challenges to reach the goal of a 
successful BI environment. That is to 
say, there is no silver bullet 

ts have an enormous 
scope and cover multiple environ 
ments and technologies. At a mini 
mum, a BI environment comprises 


@ A tool for extracting, trans 
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forming and loading data from dis 
parate source systems into the BI tar 
get data warehouse. 

@ A data warehouse that stores 
historical and current business data, 
as well as an OLAP server that pro 
vides analytic services 

@ Front-end BI applications that 


are used to provide querying, report 
_eanonanuenweamaassiae 
Valid business data, unless 
tied to its meaning, is 
still meaningless. Bl 
applications must create 
and manage the meaning 
of each data elemen 


ing and analytic functions to the orga 
nization’s knowledge workers 

In most organizations, these BI 
components are implemented in dif 
ferent phases and by project teams 
Each team implements the product 
that meets most of its functional 
requirements. More tools create 
greater complexity and increased 


interoperability issues, and require 


more administration involvement 

BI project teams must always con 
sciously strive for the lowest possible 
number of tools. This will allow dif 
ferent Bl activities to map to the same 


overall roadmap 


Conclusion: Maximizing ROI 


plications, if implemented 


efficiently and properly, have tremen 


dous payoff. They can help an enter 
prise increase its business agility, 
decrease operating costs and improve 
its customer loyalty and acquisition 

And in most cases, these improve 
ments bring a host of tangible bene 
fits (better customer satisfaction 
increased revenue and profits, cost 
savings and higher market share) 
Bottom line: a successful BI project is 
a genuine, often dramatic, improve 
ment to any organization 

Ah, but there’s that word again 
successful. As we've seen, many com 
plex factors go into the successful BI 
project. By paying attention to the 10 
critical challenges for BI success, your 
enterprise has a great chance to com 
plete and deliver the features and 
benefits agreed upon at the beginning 


of the project. ¢ 
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their desktops on a regular basis to 
look for recurring problems or trends, 
and to measure agent service and 
sales performance. They can also as- 
sess IT operations based on customer 
feedback. 

By using IT, HR management was 
able to revamp the agent review proc- 
ess, whittling a list of 65 questions 
down to 14 and shifting the focus of 
the review process from administra- 
tion to coaching and learning. Conti- 
nental has also restructured its train- 
ing program for new hires to reflect 
the customer service issues that show 
up in the call center. 

Creative application of IT has made 
it possible to automate and link a vari- 
ety of customer service data, making it 
easier to provide current information 
about flight delays or fare changes. 

Providing an online evaluation form 
makes it convenient for managers to 
score as they listen to recorded calls. 
They can even mark calls and e-mail 
them for review by other personnel. 

That’s pretty versatile and far reach- 
ing for a system that was originally 
conceived as just a security measure 
to monitor, capture and relay threaten- 
ing calls within real-time parameters. 
In today’s world, that kind of vision 
and those kinds of results mean that 
IT is hardly passé. D 


torola chips on lower-end 
machines and probably will 
keep doing so for some 
time, but the alliance with 
IBM strikes me as Apple’s 
future. 

There’s no doubt that this 
hardware is a big step for- 
ward. It’s not just a faster 
CPU, which Apple is brand- 
ing the GS. The entire sys- 
tem offers an impressively 
advanced architecture that 
includes faster memory and 
an internal bus speed that 
moves the Mac ahead of the competi- 
tion. Apple is also embracing Univer- 
sal Serial Bus 2.0, somewhat surpris- 
ingly given its pushing of FireWire, 
but this is what the company has to do 
in today’s world. 

All that won’t be enough to entice 
the enterprise for routine office appli- 
cations. You’re unlikely to see IT de- 
partments replacing their Windows 
desktop computers with the Power- 
Mac GS, due to ship in August. Al- 
though the prices are quite competi- 
tive with the fastest Intel-compatible 
machines, they’re way more costly 
than the slower — but still amply fast 
— PCs running Windows or Linux for 
ordinary office work. 





However, users of high- 
end Macs have genuine 
incentives to upgrade. 
That’s especially true for 
the “creative profession- 
als” Apple counts as a core 
market. These folks are 
sure to be pleased. Soft- 
ware developers are 
rewriting their applica- 
tions to take advantage of 
the G5 (for example, 
Adobe is reworking Photo- 
shop), but 32-bit applica- 
tions should run without 

modification. In some ways, GSs may 
be attractive as replacements for some 
Unix workstations. 

Apple didn’t announce a rack server 
or notebook GS. Expect the server be- 
fore the notebook; heat issues are sure 
to constrain the latter. 

The software story is mixed. The 
next version of the Unix-based operat- 
ing system — Mac OS X 10.3, code- 
named Panther — is being delayed 
three months or so. Too bad. It’s slick, 


with plenty of usability enhancements, 


such as vastly better search, and it 
looks like it will work even more 
smoothly inside Windows-oriented 
enterprises. 

But Microsoft’s increasingly am- 


| bivalent attitude toward the Mac could 


become a problem. Microsoft is killing 


| development of Internet Explorer for 
| the Mac, noting (without irony) that 

| Apple’s developers have an unfair ad- 
| vantage in developing the Safari 


browser because they have better ac- 
cess to the underlying operating sys- 
tem. And given how closely inter- 


| twined the Windows version of Office 
| is becoming with the operating sys- 


tem, it’s likely that the next OS X ver- 


| sion of Office will be the last. 


Apple is making tentative moves to- 


| ward replacing Office with its own 
| suite of applications, such as the 

| Keynote presentation software. But 
| Microsoft’s never-ending efforts to 


lock in users with hard-to-decipher 
file formats, complex macros and oth- 


| er tricks will remain a problem for 
| Mac users, and thus for Apple as well. 


This transition will be tricky. 
Bottom line for IT? Apple can still 


| make a case in the enterprise, targeting 


creative types, some road warriors and 


| some server applications, and it’s clear- 
| ly not running short on innovation. D 
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More columnists and links to archives of previous 
columns are on our Web site: 


| www.computerworld.com/columns 
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DAN GILLMOR 


Take Another 
Look at Apple 


VERY ONCE ina while, 

corporate IT shops have 

to ask, “Is the Mac any 
more, or less, worthy for the 
enterprise?” 

We learned some useful facts about 
Apple Computer’s future last week at 
the company’s annual conference for 
developers in San Francisco. At the 
top of the list: Apple isn’t moving to 
the Intel architecture for its central 
processors, but it is beginning to shed 
a hardware albatross in a smart way. 

For IT, the hardware story may 
prove to be the most interesting. Ap- 
ple leapt into the 64-bit era when it 
announced a new line of computers 
based on IBM’s PowerPC 970 micro- 
processors. The move was long over- 
due recognition that Motorola, which 
has been Apple’s PowerPC supplier, 
has lost too much ground in power 
and price to the Intel architecture in 
recent years. Apple is still using Mo- 





Revised Opinion 


N THE MAY 12 edition of Comput- 


erworld, | was quoted in the arti- 
cle “Wading Into IP Telephony” 
[QuickLink 38056] as saying, 
“Avaya’s not as focused on data as 
Ciscois. . . . The Cisco user inter- 
face is cleaner.” While this may 
have been our first impression at 
the time | was interviewed, over the 
past six months our network ana- 
lysts have concluded that for voice- 
over-IP monitoring and manage- 
ment, the Avaya Cajun switches are 
the choice performers. Since then, 
we have installed over 75 Cajun 
switches throughout our facilities, 
with no regrets. 
Thomas Dunkerley 
IT communications manager, 
The Seattle Times, 
tdunkerley@seattletimes.com 


Human Error 


EIL RASMUSSEN makes some | 


good, practical points on fa- 
cilities management [“Avoiding 
Data Center Blowups,” QuickLink 





38121]. Surprisingly, many of these 
involve human rather than technical 
factors (for example, the classic 
lack of coordination between con- 
struction and operations staffs). 
These problems often border on 
the absurd, though the outcomes 
are not always so charming. We 


| have had maintenance staff who 


wedged open the service doors be- 
fore they went home for the week- 
end, and locksmiths who put new 
locks on the wrong side of these 
same doors. 

Rasmussen's observations 
about oversizing power and cooling 
capacity are equally apt. | once had 
a difficult discussion with an HVAC 
engineer who came to look at the 
new heat exchanger in a small 
server room. Using crude arith- 
metic examples, the engineer tried 
to explain that the air in the room 
had to recirculate several times a 
minute or cooling wouldn't be ef- 
fective. | tried to explain that heat 
exchange is nonlinear and that it 
sounded like most of the energy of 
the 2-horsepower fan was in any 
case being converted into tur- 





| minder to temper our natural ten- 


| actually work. It takes a little longer, 


bulence. It was clear that neither 
factor had occurred to him, though 
they proved easy to demonstrate. 
By simply reversing the pulleys so 
the fan would run slower, we saw 
the room temperature fall by 6 
degrees Celsius. All this is a re- 


dency to focus attention on exotic 
hardware and fashionable method- 
ologies before we have cultivated 
a rational grounding in how things 


but makes a lot less mess along 
the way. 

Dan Razzell 

Starfish Systems, Vancouver, 
British Columbia 





False Security 


ARTNER’S ADVICE on collect- 

ing metrics sounds good on the 
surface, but you can count only the 
attacks you can detect, and of 
those, you can guess their effective 
ness or ineffectiveness based only bes 


on whether your security tools claim 
to have successfully blocked them 
[“IT Managers See Need for Risk 


Metrics,” QuickLink 38973]. If the 
security tool knows how to detect a 
particular type of attack, then it 
probably knows how to biock it as 


| well, and therefore it should report 


100% effectiveness. Bill Spernow, 
chief information security officer at 


| the Georgia Student Finance Com- 
| mission, said it best when he cau- 
| tioned that these numbers can give 


a false sense of security 
Scott B. Hutchinson 


| Network administrator, Office 


of the Sheriff; Contra Costa 


| County, Martinez, Calif. 


| COMPUTERWORLD welcomes 


comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701. 
Fax: (508) 879-4843. 
E-mail: letters@computerworld.com. 
Include an address and phone num- 
ber for immediate verification. 

For more letters on these and 


other topics, go to 
www.computerworld.com/letters 





1AM A CISCO 
CATALYST 6500. 





1AM A SNARLING 
PACK OF 
DOBERMANS. 


| AM INTEGRATED SECURITY. | HAVE THE POWER TO PROTECT YOUR 
NETWORK FROM THE INSIDE, THE OUTSIDE AND FROM EVERYWHERE 
IN BETWEEN. | ALWAYS KNOW WHO IS ON THE GUEST LIST AND 
HAVE THE POWER TO DENY THOSE WHO AREN'T ON IT. | SNIFF OUT 
THREATS SO YOU CAN STAY PRODUCTIVE. | AM MORE THAN A 

CISCO CATALYST 6500. 


Cisco SYSTEMS 


THIS IS THE POWER OF THE NETWORK. NOW. ® 


cisco.com/securitynow 





This ts the next wave. 


For your next generation of applications, 
move to the next generation of database technology: 
Caché, the post-relational database. 

What makes Caché “post-relational”? It provides 
developers three integrated data access options which 
can be used simultaneously on the same data: an 
advanced object database, high-performance SQL, 
and rich multidimensional access. 

Because Caché’s architecture is a multi- 
dimensional structure, applications built on it are 
massively scalable and lightning-fast. 

Plus, no mapping is required between object, 
relational, and multidimensional views of data. 

This means huge savings in both development and 
processing time. And, Caché-based applications 
don’t require frequent database administration or 
hardware and middleware upgrades. 


More than just a database system, Caché 
incorporates a powerful Web application develop- 
ment environment that dramatically reduces the 
time to build and modify applications. 

The reliability of Caché is proven every day in 
“life-or-death” applications at hundreds of the largest 
hospitals. Caché is so reliable, it’s the world’s leading 
database in healthcare — and it powers enterprise 
applications in financial services, government and 
many other sectors. 

We are InterSystems, a specialist in database 
technology for 25 years. We provide 24x7 support 


to four million users in 
InterSystems » 


88 countries. Caché is 7” 
available for Windows, f ( ACH : 
OpenVMS, Linux and LLL Im 


major UNIX platforms. Make Applications Faster 


Download a fully-functional version of Caché or request it on CD for free at www.I|nterSystems.com/post-relational 


© 2003 InterSystems Corporation. All rights reserved. InterSystems Caché is a registered trademark of InterSystems Corporation. 
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wh Q&A 
Sharing the Info Wealth 
One of the most important tasks facing 
the business-intelligence industry is 
disseminating information from analytics 
to the people who need it in a company, 
says Don Hatcher, SAS’s vice president of 
technology strategy. Page 30 





OPINION 


Bracing for the 

New Privacy Laws 

As privacy laws proliferate, fear 
of lawsuits and legal penalties 
will push the issue of compli- 
ance front and center, says 
Robert L. Mitchell. Page 34 


| SECURITY MANAGER'S JOURNAL 


| Corporation Caught 

In the Cross Hairs 
| A focused e-mail attack makes Vince Tues- 
day wonder if his company was singled out 
| as a target. An investigation lays that fear 
| to rest, but Vince still has nagging doubts 
| about his company’s security. Page 32 
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HILTON 


Hilton's migration ofits 
enterprise application suite 
from Unix client/server to 
athree-tier Web design on 
Windows pushedthelimitsof : 
the technology. Butit's finally 
paying off. By Gary H. Anthes 
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Upgraded People- 
Nim moe iicia'ciar- leit tle) 
suite to Version 8 on three-tier 
Web architecture. Migrated from 
HP-Unix to Dell-Windows, and 
from Sybase to SQL Server 


LR) t 1) 


SS emus 
excluding labor 


Increased process- 
ing efficiency (speed) by a factor 
of six. Hilton expects to save $4.5 
to $5 million annually. 


We had every 

MFC aiE-lELe 
operating system 
under the sun. 
DAMIEN BEAN, Vv 





| It’s also scrapping Unix-based 
Hewlett-Packard Co. servers in 


favor of Windows 2000 Server 
boxes from Dell Computer 
Corp. and replacing its Sybase 
Inc. databases with SQL Server 
2000 from Microsoft Corp. 

Hilton merged with Promus 
Hotel Corp. in December 1999. 
Today the company owns or 
manages 300 Hilton hotels and 
1,600 properties in the Double- 
Tree, Embassy Suites, Hampton 
Inns and Homewood Suites 
chains. “I was hired in April 
2000 to pull the companies to- 
gether,” says Bean. “We had 
every platform and operating 
system under the sun.” 

Just before the merger, in 
response to the Y2k challenge, 
Hilton had replaced its local, 
independent payroll, human 
resources and financial systems 
with centralized PeopleSoft 7.5 
client/server applications run- 
ning on HP hardware and 


| Sybase database server soft- 


ILTON HOTELS CORP. isin | 
the final stages of amas- | 
sive system upgrade and | 


conversion but is already saving 
millions of dollars in operating 
costs and software license fees. 
More strategically, the total 
changeover in its infra- 
structure — including 
server hardware, operat- 


ware. The resulting production 
environment was far from bul- 
letproof, Bean says. “It had been 
a mad scramble because of the 


| Y2k issue, and toward the end 


they were just slamming things 


| soeethes and hoping for the 


j_—_—best,” he says. 


Human resources, 
FEL. payroll and financial ap- 


ing systems, database and REPORT ~ plications at the former 
application architecture Promus hotels, which 


— will greatly simplify 
maintenance and support and 
free up IT staff to concentrate 
on business process improve- 
ments, according to Damien 
Bean, vice president for corpo- 
rate systems at Hilton. 

The $4 billion, Beverly Hills, 
Calif.-based lodging company is 
converting its suite of People- 
Soft 7.5 client/server applica- 
tions to PeopleSoft 8 on 4 three- | 
tier, Web-based architecture. 


had been running on 
IBM AS/400 computers at a 


| central data center in Memphis, 


were moved to the PeopleSoft- 
HP-Sybase system as well. But 


| then Hilton made a key deci- 


sion to put all hotels from both 


| companies on Promus’ custom- 


built, SQL Server-based proper- 
ty management system 

Bean says the two companies 
had too many servers, operating 
systems and databases even be- 
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fore they merged. After the merger, the 
mix of technologies was untenable, a 
situation not improved by the instabili- 
ty of the production environment. The 
time had come to streamline, simplify, 
and standardize in order to cut costs. 

Hilton bumped HP in favor of Dell 
largely for cost reasons. Bean saw Dell 
servers as commodity boxes that could 
be had on the cheap and easily replaced 
with another vendor’s Wintel machines 
anytime a better deal came along. As 
for databases, “we didn’t see Sybase as 
a strategic platform for Hilton,” Bean 
says. “I had visions of it being [ac- 
quired by Computer Associates], and I 
didn’t want to be left behind.” 

Bean says Hilton had two long-term, 
industry-standard options: SQL Server 
2000 on Windows and Oracle9i on 
Linux. “We clearly knew Oracle would 
work, and we got a very competitive 
bid from Oracle,” he says. On the nega- 
tive side, Hilton staff had extensive 
SQL Server experience but virtually no 
Oracle expertise. 

Even more significant, Hilton was al- 
ready installing the SQL Server-based 
property management system at every 
hotel, and the software license from 
Microsoft allowed client access to Peo- 
pleSoft for very little incremental cost. | 
It was cheaper than Oracle “by orders 
of magnitude,” Bean says. 

But Bean had concerns about scala- 
bility. While Oracle could do the job, 
the suitability of SQL Server wasn’t so 
clear, and no reference account for 
SQL Server even approaching the size 
of Hilton could be found. “Clearly we 
were going out on the edge of the per- 
formance envelope,” he says. 

Bean concluded that if he was going 
to live on the edge, so would his three 
key vendors — Dell, PeopleSoft and 
Microsoft. He met with senior execu- 
tives at all three companies and 
stressed that the hotel giant would 
make a gold-plated reference account. 
“We said, ‘If you’ve got someone will- 
ing to try this and take some risk, this 
is a project you can’t afford to let fail, ” 
he says. 


Scalding Performance 
Hilton decided to test its Wintel sys- 
tem concept first on a travel agent 
commission system, an HP-Sybase ap- 
plication that had been coded using 
the Pe»pleTools application develop- 
ment environment. Although it was big 
— 50 to 60 tables and 100GB of data — 
it wasn’t terribly complicated, nor was 
it so time-sensitive that it couldn’t be 
down for a day or two if there were 
problems. 

SQL Server proved up to the task. 





TECHNOLOGY 


Hilton originally ran PeopleSoft 7.5 client/ 
server applications on a Sybase database in 
asingle, eight-CPU HP/9000 N class server, 
with all application and database processing 
performed on one server. Many payroll sys- 
tem components were processed using sin- 
gle-threaded Cobol code. Now, Hilton runs 
PeopleSoft 8 ona clus- 
tered, Web-based, three- 
tier architecture that in- 
cludes SQL Server 2000. 
© Tasks are spread across 
more than 70 processors 
on12 servers, and anew 
application engine allows 
multithreaded payroll 
processing, improving 
processing time by a 
factor of six. 
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The PeopleSoft application servers 
and SQL Server database servers “ran 
like a scalded bat,” performing six 
times faster than the previous system, 
Bean recalls. Gratified and embold- 
ened, Hilton’s IT shop moved on to mi- 
grate the PeopleSoft HR and payroll 
systems for 71,000 employees. 

The project turned out to be far more 
complicated than expected, Bean says, 
because no one had ever set up such a 
large PeopleSoft HR system: It consist- 
ed of six four-way Web servers and five 


| eight-way application servers. The job 


was further complicated by the proc- 
essing autonomy and flexibility Hilton 
gives its hotels. “Hilton is 
the ultimate real-time envi- 
ronment,” Bean says. “We 
don’t do batch payrolls 
every Thursday night. If 
Hotel A wants to run its 
payroll Monday at ll p.m., 
they do it.” 

Dell, Microsoft and Peo- 
pleSoft provided sustained 
on-site support, as did BEA 
Systems Inc., supplier of 
the WebLogic Web servers and Tuxedo 
application servers used in the project. 
“We were doing engineering that no 
one had ever done before,” Bean says. 
“We did an enormous amount of brain- 
storming on the new setup and how to 
load-balance across it.” And they made 
it work. 


Payroll Problems 

But Hilton’s infinitely variable proc- 
essing schedule made exhaustive pre- 
production testing impossible, and on 
the first day running the new system, 
payroll “went to hell in a handbasket,” 
Bean recalls. One thing that apparently 
hadn’t been tested was a condition that 
caused the cache used by an optimizer 
in SQL Server to balloon from its nor- 
mal 10KB of RAM to 1.3GB. “At that 
point, all the database CPUs spun up to 
100% [utilization], and the only way to 


from Dell: 


project 


get it back under control was to push 


the button and turn it off,” Bean says. 

Payroll is Hilton’s No. 1 priority for 
disaster recovery, according to Bean. 
“Microsoft had six people on-site the 
next morning [Tuesday], plus a team in 
Redmond. They had three bug fixes by 
that Sunday night, which is phenome- 
nal,” he says. 

Hilton’s employees got paid, but 
only after round-the-clock efforts by 
the company’s payroll staff. It took 
three weeks to completely catch up, 
Bean says. 

Hilton is now in the final phase of its 
IT architecture makeover: converting 
its PeopleSoft financial applications to 
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the three-tier Dell-SQL Server system. 
Bean expects to have that in produc- 
tion by August. 

In the meantime, stress testing will 
be in the spotlight. The bug in payroll 
popped up when an online process col- 
lided with some batch code running at 
the same time, and Hilton has modi- 
fied its approach to testing as a result. 
“HR is a very batch-oriented system, 
and our focus was on those things that 
were commonly run,” says Roxanne 
Cheong, Hilton’s manager of database 
administration. “But with the financial 
systems, we are throwing in ad hoc 
things, online transactions during the 
stress tests.” 

“We should have done a 
bit better on the stress test- 
ing, which is why we are 
spending an awful lot more 
time on it now,” says Jane 
Melville, project manager 
and director of corporate 
systems. “It takes a lot of 
expertise to get each layer 
correct” in a three-tier ar- 
chitecture, she adds. 

Melville says her team has spent six 
weeks writing scripts — using Load- 
Runner, a testing tool from Mercury 
Interactive Corp. — to do stress testing 
for the financial applications. 

The tests will run at a Dell laborato- 
ry in Austin, where the vendor has set 
up a mock production environment in 
which it can simultaneously stress-test 
its own hardware, Hilton’s PeopleSoft 
applications and SQL Server. All four 
companies have people on site. 

When testing is complete, the entire 
system will be shipped to Hilton’s 
Memphis data center. “I’m trying to 
fundamentally offload and mitigate as 
many risks as possible,” Bean says. 


Saving Millions 

All the migrations wiil save $4.5 mil- 
lion to $5 million out of Hilton’s $150 
million IT budget, Bean says. The total 
cost, not counting internal labor, will 
come in at about $3.8 million, he says. 

Robert La Forgia, a senior vice presi- 
dent and Hilton’s controller, says the 
upgrades will benefit Hilton customers 
by making it easier for the IT staffers 
to adapt systems that touch them — 
such as reservations and billing — to 
customers’ changing needs. 

As for internal customers, the new 
architecture has already so stream- 
lined processing that La Forgia is now 
able to close the books in six days in- 
stead of 10. “We have decreased proc- 
essing time considerably,” he says. “We 
have a lot less blood, sweat and tears 
and a lot less overtime.” D 
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HE UNIVERSITY OF DAYTON’S 
network used to go down all 
the time. Students introduced 
viruses from their laptops, and 
university servers were the 
targets of an unrelenting barrage of 
worms like Nimda and Code Red. 
“At one point, the network was going 
down on almost a daily basis,” says 


Tom Danford, CIO at the ii tee Se as 


EMERGING 2° 
TECHNOLOGIES 


Ohio institution. Last Octo- 
ber, Danford turned to a 
new type of security prod- 
uct: an intrusion-prevention 
system (IPS). The universi- 
ty bought two UnityOne-2000s from 
TippingPoint Technologies Inc. in 
Austin. The appliances monitor net- 
work traffic for anomalies such as 
buffer overflow attacks and automati- 
cally drop packets associated with 
those events, essentially cutting off at- 
tacks before they can start. 

With a list price of $99,995 each, the 
TippingPoint devices aren’t cheap (al- 
though Danford received a substantial 
academic discount). And the technol- 
ogy — which has been on the market 
for a little over a year — is unproven in 
large-scale corporate networks. But 
Danford was ready to try anything. 
“We have to have some level of open- 
ness on our network. We can’t lock it 
down like a bank could,” he says. 

In January, two weeks after Danford 
set up the appliance, the SQL Slammer 
worm hit. “We didn’t skip a beat. We 
had a lot of exposed servers,” he says. 
Overall, the university receives over 





_ TECHNOLOGY 


3,000 attack attempts every week. So 


| far, he says, they’ve all been filtered out. 


Many companies face similar chal- 


| lenges. The number of system vulnera- 


bilities and cyberattacks are skyrocket- 


| ing, according to the CERT Coordina- 


tion Center at Carnegie Mellon Uni- 
versity in Pittsburgh, which logged 


| 52,658 malicious incidents in the first 


quarter alone. And the 
propagation speed of at- 
tacks has gone up dramati- 
cally, says Neal Hartsell, 
vice president of product 
marketing at TippingPoint. 


| For example, the Nimda worm took a 


day or two to infect thousands of hosts 
worldwide in 2001. In January, the SQL 
Slammer worm compromised nearly 
100,000 machines in just 30 minutes. 


IPS PROS AND CONS 
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IPSs work by proactively blocking 
illegitimate network traffic and server 
requests, including both known and 
unknown threats. They immediately 
block network traffic or server re- 
quests flagged as malicious by moni- 
toring deviations from normal system 
behavior or by following a series of 
rules. By contrast, intrusion-detection 
systems (IDS) recognize only known 
attack patterns. They flag network in- 
trusions after the fact, issuing alerts or 
pouring the data into logs for later re- 
view by a systems administrator. 

To Richard Stiennon, an analyst at 
Gartner Inc., the advantages of an IPS 
over an IDS are clear. “If you owned a 
jewelry store, would you rather add a 
deadbolt to the front door or add an- 
other security camera?” he says. 

As with IDSs, vendors offer both 
host- and network-based IPSs. Host- 
based IPSs (HIPS) first appeared more 
than two years ago and are just begin- 
ning to gain mainstream acceptance. 
Network Associates Inc. says more 
than 1,000 companies use its Entercept 
HIPS product. The systems work by 
installing a software agent on each 
server and then managing the agents 
from a central console. 

Network-based IPSs (NIPS), avail- 
able from companies like Tipping- 
Point, are relatively new. These “in- 
line” systems sit on the network and 
inspect packets for anomalies. But 
adoption has been slow to date be- 
cause potential buyers are unsure how 
a NIPS fits into the overall security 


Preventive 
Medicine 


As IPS technologies mature, users say the 
benefits of proactively blocking attacks outweigh the 
risks of false positives. By Lauren Gibbons Paul 





www.computerworld.com 


m PRODUCTS 


IPS Emerges 
From Mergers 


Until recently, start-ups and indepen- 
dent vendors dominated in the IPS 
market. But the niche has recently 
caught the attention of large vendors 
of network security products, leading 
to an acquisition spree. That's good 
news for corporate IT, since it means 
scalability and support are likely to 
get better. 

IPS products fall into host- and net- 
work-based categories, but at least 
one vendor has an offering in both 
camps. Network Associates in Santa 
Clara, Calif., now owns a HIPS product, 
Entercept, as a result of its April acqui- 
sition of Entercept Security Technolo- 
gies Inc. And in May it acquired Intru- 


picture, according to Stiennon. 

Both types of IPSs yield other bene- 
fits as well. For example, network ad- 
ministrators can deploy software 
patches on a scheduled basis rather 
than rush them out as emergency fixes. 
With an IPS in place, “companies... 
can be assured they are maintaining 
security until they can deploy the 
patch,” says Eric Ogren, an analyst at 
The Yankee Group in Boston. 

IPSs may also deter attackers from 
launching a major attack on a network. 
Many attackers do test runs prior to at- 
tacking a system. If a threat is deflect- 
ed, that may dissuade an attacker from 
a broader attack. “We've seen the sys- 
tem deter attacks. That’s a cool thing,” 
says Bryan Turbow, founder and presi- 
dent of Myrient Inc., a managed ser- 
vices provider in Aliso Viejo, Calif. 
Myrient uses Captus IPS, a NIPS sys- 
tem from Woodland, Calif.-based Cap- 
tus Networks Corp. 

NIPSs and HIPSs aren’t mutually ex- 
clusive. Ideally, both types of IPSs 
should be part of a layered informa- 
tion-security architecture that also in- 
cludes firewalls, vulnerability assess- 
ment and remediation alongside other 
types of protection, say analysts. 

But users are wary of buying a prod- 
uct that might generate false positives, 
a major complaint about IDSs. The 
consequences of a false positive are 
more dire with an IPS, since it could 
block legitimate business traffic rather 
than just generate alerts or reports. 
Some vendors claim that their products 
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TippingPoint’s $99,995 UnityOne-2000 
NIPS protects LAN segments with traffic 
up to 2Gbit/sec. 


Vert Networks Inc. and its IntruShield family 
of NIPS products. 


ing Waltham, Mass.-based HIPS vendor 
Okena in April and rechristening its Storm- 
Watch product Cisco Security Agent. 
Primary Response, from Sana Security 
Inc. in San Mateo, Calif., and STAT Neutral- 
izer, from Melbourne, Fla.-based Harris 
Corp., round out the major HIPS products. 
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Pricing varies, but Entercept starts 
at $1,295 per server and $4,995 for the 
console 

The first NIPS products appeared in early 


| 2002 but have yet to catch on with buyers. 
Cisco has gotten involved as well, acquir- | 


TippingPoint claims over 30 customers to 
date. Firewall vendor NetScreen Technolo- 
gies Inc., which bought OneSecure Inc. last 
year, now sells NetScreen-IDP. Other play 
ers include Captus Networks, which offers 
the IPS 4000 series. Prices for NIPS appii- 
ances start at about $40,000 and go as 


| high as $100,000 or more. 


Adding an Intrusion-Prevention 
Security Layer 


As with IDSs, IPS designs can include both host- and network-based components. Unlike IDSs, 
however, IPSs appiy rules or detect unusual patterns of behavior in order to block possible attacks, 
not just log them. While NIPS appliances monitor network activity on the wire, protecting entire 
network segments, HIPS devices protect applications residing on individual servers. 
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| have false positives,” 
| dra, director of infrastructure tech- 
nologies for the Arlington County, Va., 
| government. In October, he spent 


| cal servers. 





are less likely to have false positives be- 
cause their filtering techniques are 


| more sophisticated than those of IDSs. 


But not all users agree. “You still do 
says Vivek Kun- 


$30,000 to install Entercept on 30 criti- 
“We have spent a lot of 


| time in the lab to make sure we’re not 


shutting down government services to 
our constituents,” he says. 
There is nothing inherent in IPS 


| technology that makes it more accu- 


rate than IDS, adds Jonas Hellgren, 
vice president of product management 


| at Guardent Inc., a security services 


provider in Waltham, Mass., that offers 
IPS management. 

Cisco Systems Inc., citing the false- 
positive issue, is sitting out the NIPS 
business for now, despite its recent ac- 
quisition of HIPS vendor Okena Inc. 
“Once we fix the false-positive prob- 
lem, we can go on to being more 
proactive,” says Tom Turner, director 


| of marketing for the newly renamed 
| Cisco Security Agent HIPS product. 


| Good Enough 


| IPS technology isn’t yet mature, says 


Stiennon. And ultimately, IPS, IDS and 
other security functions will merge 


| into firewalls, which will become gen- 


eral-purpose security appliances. But 
he doesn’t think IT should wait, be- 
cause IPSs are the only way to prevent 
attacks — both known and unknown 
— before they occur. “This is good 
technology that works,” Stiennon says. 

Kundra says intrusion prevention 
should be part of every IT manager’s 
security portfolio. “There is still a lot 
of human intervention needed to de- 
fine the types of behavior that are au- 
tomatically excluded,” he says. “You 
have to create, test and manage those 
rules.” Nonetheless, he says, it’s irre- 
sponsible not to invest in an IPS today. 

A few years ago, many IT managers 
didn’t believe antivirus products 
would work, he says. Yet they protect 
against viruses that could bring down 
an enterprise. “Why wait for an orga- 
nized cyberattack?” Kundra says. 

Yankee Group’s Ogren agrees. “This 
technology may not be mature, but 
there’s no value in waiting. It is the 
only chance an organization has today _| 
against Day Zero attacks. It will get eas- 
ier and scale better as time goes on. But | 


| it’s ready for prime time right now.” D 


Newton, Mass. You can reach her 


: ae 
Paul is a freelance writer in | 
| at laurenpaul@attbi.com. 
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Defining 
haveetaiile 
Behavior 


All IPSs can protect 

TECH against known attacks 

id by using signatures, 

which define the specif- 

ic pattern associated with a worm 
like Slammer or Fizzer. But an IPS’s 
real strength lies in its ability to pro- 
tect against threats for which no sig- 
nature exists. 

NIPSs inspect network traffic for 
compliance with a set of rules for ac- 
ceptable and unacceptabie behavior 
as defined by a security expert. By 
contrast, HIPSs, which reside on a 
server. take two different approaches 
to accomplish this task. 

Cisco Security Agent and Network 
Associates’ Entercept are examples 
of HIPS products that use a rules- 
based approach. A security expert 
describes behavior he considers nor- 
mal and acceptable for the server 
as well as a list of outright unaccept- 
able behavior, and the system inter- 
prets and blocks activity based on 
those rules. 

“The downside is, the burden of 
managing that description rests with 
the customer,” says Yankee Group an- 
alyst Eric Ogren. And since security is 
a moving target, those rules must be 
updated regularly. 

By contrast, Sana Security Inc. in 
San Mateo, Calif., uses a behavior- 
based approach. After being placed 
on a server, its Primary Response sys- 
tem uses artificial-intelligencelike ca- 
pabilities to “learn” what is normal be- 
havior for that server. “By looking at 
the sequence of system calls, it builds 
a profile of what is being run through 
the server path,” says Steve Hofr. eyr, 
chief scientist at Sana. 

But that isn’t foolproof, either. 
“What if an attack happens while the 
product is in learning mode?” asks 
Jim Hurley, an analyst at Aberdeen 
Group Inc. in Boston. “And there’s no 
way of knowing what is normal under 
all conditions,” potentially leading to 
legitimate requests being blocked. 
Hurley calls himself a skeptic when it 
comes to intrusion prevention, though 
he concedes that “some of this has 
great promise.” 

~ Lauren Gibbons Paul 
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Distributing information from 
analytics throughout a company is 
the BI industry’ greatest challenge, 
says SAS Institute’s Don Hatcher. 


~ Don Hatcher leads a team 
> that shapes the strategic 
direction of SAS Institute 
Inc.’s products and tech- 
nologies. Cary N.C.-based SAS’s current 
initiatives focus in part on distributing 
analytics throughout its customers’ or- 
ganizations, rather than limiting access 
to the tools to a few highly trained indi- 
viduals, said Hatcher in an interview 
with Computerworld’s Tommy Peter- 
son. He also said the biggest barriers to 
a business-intelligence (BI) implementa- 
tion don’t always involve technology. 


What is the thing your customers are asking 
for most often? If I had to give you one 
thing, I think it is enabling a greater 
percentage of the enterprise to lever- 
age our analytics. It’s dissemination. 
There’s this concept that we have, 
which is the information supply chain. 
It started by just getting access to data 
— that’s where all the vendors were fo- 
cused. Then we all were focused on 
storing it and being able to analyze it. 
And then we were focused on having 
some tools so you could analyze it dif- 
ferently. The big focus nowadays for 
SAS is, How do we get this breadth of 
information out to the wider audience? 
Because we believe that 80% of a cus- 
tomer’s enterprise needs are business 
intelligence today. We’ve had cus- 
tomers teil us that [they] can’t find 
enough business analysts. We need to 
empower domain experts and informa- 
tion consumers to do some things 
themselves. That’s what you [will] see 
us delivering in [Version] 9.1 when it 
comes out — a breadth of interfaces so 





Title: Vice president of 
technology-strategy, 
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that 80% of an enterprise can use busi- 
ness intelligence, instead of a very 
small percentage of an enterprise. 


How tough was it to adjust your technology 
to do that? Actually, we didn’t have to 
adjust the technology; we just had to 
add delivery mechanisms on top of it. 
Our analytics still play a huge role 
within enterprises. We just needed to 





enable domain experts and informa- 
tion consumers to be able to leverage 


| them. We’ve spent two or three years 


working on this project. We hired 32 
new usability experts writing the front 
ends. We’ve got another 250 develop- 
ers sitting there writing the BI back 
end. We spent a lot of time talking to 
our customers to understand how this 
dissemination needed to happen. 


Are you eliminating the hierarchy of people 
with doctoral degrees in statistics or some 
other math field so you can present the infor- 
mation to the people who need to know it? 
You need the Ph.D.s to create the ini- 
tial model. What we’re not doing is 
dumbing down the analytics. We’re 
just ensuring that when they get used, 
that people who know how to use 
them are creating a safe environment 
for the rest of the knowledge base. 
There’s a lot of folks out there dumb- 
ing down analytics and black-boxing 
stuff. That’s very dangerous, because 
models have to be retrained to notice 
the subtleties in the data. 


What does it mean to have to retrain mod- 
els? If you build the model, it’s just a 
bunch of nodes hooked together that 
don’t particularly know anything yet, 
and you need to run data through 
them, which creates, say, a decision 
tree, which is an example of one data 
mining model. It comes up with a deci- 
sion tree that says, “When boys be- 
tween 25 and 30 buy gym shoes, try to 
sell them gym socks also. But for a guy 
who’s 45 to 50 who buys gym shorts, 
you don’t necessarily want to sell him 
gym socks.” You’ve got to train the 
model and then you leverage the mod- 
el. But the model needs to be retrained 
from time to time because the informa- 


; tion in the data changes. You make 


some adjustments in your model based 
on this new information to keep it 
fresh or even make it better at times. 
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Does that mean that analytics is a technolo- 
gy that isn’t going to be commoditized any- 
time soon? Actually, that’s exactly what 
I think we're doing. We’re enabling an 
enterprise to take advantage of it but 
allowing them to do it in a controlled 
manner. But the models have to be kept 
fresh. To some banks, a half-percent in- 
crease in something represents millions 
of dollars. It’s those kinds of things that 
you learn. You create a model that 
makes you better than you were, but 
then you gather new data, and you’re 
able to tune the model even more. 

The key thing we’ve been hearing is 
enabling the enterprise. People can be 
told they’re empowered, but until you 
give them the information to truly let 
them be empowered, they won’t be- 
lieve you — and they’d be right. 


What are the biggest problems companies 
face in trying to implement business intelli- 
gence and analytics? The big pain I really 
think is organizational change. ... I’m 
not trying to downplay the challenges 
with implementing technology, but I 
would wager that most of the chal- 
lenges around technology have to do 
with culture, have to do with people, 
have to do with process. I know there 
are customers where I could go in and 
sell them systems that would make 
them more effective as a company, but 
their culture won't allow it to be suc- 
cessful. Each silo of the business is re- 
warded for maximizing their silo. 

If you want a technology, I’d say data 
quality is the biggest pain. Data quality 
can delay an implementation of a ware- 
house or even a data mart upwards of 
six months or more. As soon as you 
pull data that’s not accurate through 
and into a warehouse and report on it 
and give it to somebody, their trust of 
the new system instantly dies. D 


HATCHER ON CPM AND MORE 


To read Don Hatcher's thoughts about corporate 
performance management and more, visit our Web site: 


e QuickLink 39390 


www.computerworld.com 
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Technology promises lucid displays 
of complicated information, regardless 
ofits format. By Julia King 
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that Lucas says makes it easy 
to transfer and manipulate 
data across different computer 
systems and applications. 
Higher-level semantics can be 
layered on top of the u-forms. 
What guides the transfer of 
data from place to place is a 
set of “shepherds,” or rules- 
based software agents devel- 
oped by the data owners. For 
corporate applications, Lucas 
notes that u-forms could be 
encrypted and shepherded 
only to paying customers. 





HILE MUCH OF THE 

IT world focuses 

on building com- 

puters that are 
faster, smaller, cheaper and 
brainier, CEO Peter Lucas and 
his colleagues at Maya Design 
Inc. are obsessed with liberat- 
ing the reams of data that 
computers contain, regardless 
of the format in which the 
data is stored. 

To Lucas, computers 
are little more than 
“transducers” — nec- 
essary but “uninterest- 
ing prosthetic devices” 


FUTURE 
WATCH@ 


This is also the goal of the 
Semantic Web, which involves 
taking a relational database 
and “webbing it,” according to 
Web inventor Tim Berners- 
Lee [see story, QuickLink 
37596]. Where Maya’s technol- 
ogy differs, Lucas says, is in 
“taking the much more radical 
step of freeing the data from 
any particular Web page or 
any particular ma- 
chine.” 

Instead of describ- 
ing data in a standard 
way or with metadata 
as the Semantic Web 


for viewing data. “We can’t see | does, Maya’s technology 


data, so we build computers, | 
the same way we use goggles 
to see infrared,” he says. | 
What would be much more 
valuable, Lucas believes, is a 
computing architecture for 
sharing data now stranded in | 
relational databases, which he | 
calls “information islands.” 


wraps the data in “containers,” 
which reside in repositories in 
a peer-to-peer-based “infor- 
mation space” where people 
can meet and collaborate. 
Pittsburgh-based Maya, a 

spin-off of Carnegie Mellon 
University, has come up witha 
container it calls a “u-form” 


An ‘Information Commons’ 


In a simplified version of Maya’s vision, data of all types and formats is ensconced in u-forms, or standard information 
containers that can be easily moved among “schema-neutral” repositories in a peer-to-peer network. Data can be en- 
tered or accessed simultaneously as well as displayed differently by people using different devices. 


)ISPLAY DEVICES: Display 
devices “project” views of u-forms 
from repositories into a user's 
world. The form of the visualization 

| is strictly separated from underlying 
| representations. 


bce 
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U-FORMS: U-forms are standardized “contain- 
| ers” for transporting data of all kinds. Each 
u-form is simply a bundle of attribute value pairs 
tagged with a universally unique identifier. 
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The same data could be 
viewed in different ways by 
different users. For example, a 
logistics manager could view 
on his PC a geographic map of 
warehouses and their contents 
in a specific region. Mean- 
while, an inventory manager 
could draw on the same data 
and display on his handheld 
device a bar-chart representa- 
tion of goods available for 
shipment from those ware- 
houses. 

In this example, multiple 
distributed views of the data 
could be linked in real time, 
permitting the data itself to 
become a medium for collabo- 
rative work. This is compara- 
ble to two users running Excel 
on the same data set, and 
every time one of them 
| changes a number, the other’s 
display is instantly updated. 
| Maya Design’s Maya Viz 
| software arm has technology 
| it calls CoMotion, a set of 





REPOSITORIES: Radically 
new database technology 
implements aschema- 
| neutral storage scheme. 
Repositories simply store 
y and retrieve u-forms. 





Maya Design CEO iy 
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| tools for building different 


views of data that’s stored in 


| u-forms. The shepherds tell 
| the u-forms where they can 
| and can’t go, based on the 


metadata, or data about the 


| data, that’s contained in the 


unique identifier portion of 
the u-form. Individual applica- 


| tions on a user’s machine 


(built using CoMotion’s visu- 
alization tools) dictate how 


| data will be displayed. 


The US. Transportation 


| Command, or Transcom, at 
| Scott Air Force Base in IIli- 


nois, is an early beta tester of 


| CoMotion. Transcom is using 


the software to create differ- 

ent views of the vast amounts 

of data it must manipulate. 
“Since 9/11, we’ve moved 


| 700,000 people and over 2 mil- 


lion short tons of cargo. We 
have seven requirements data- 


| bases that we pull from,” each 
| of which uses a different data 
| schema and format, explains 


Lt. Col. Cody Smith, director 
of operations. Using Maya’s 
technology, Transcom is able 
to display that data differently 


| to its various customers. 


“If we’re dealing with ships, 


for example, we need to be 
| displaying metric feet. Others 


need to look at tons or short 
tons of cargo,” Smith says. 


Common Understanding 
“U-forms and the Semantic 
Web are aimed at solving dif- 


ferent kinds of problems,” says | 


Jason Bloomberg, a senior an- 


| alyst at ZapThink LLC in Wal- 


tham, Mass. “The Semantic 
Web is aimed more at busi- 
ness-to-business communica- 


| tions, where Company A and 


Company B need a common 
understanding of the termi- 
nology. A purchase order, for 
example, has to mean the 
same thing to both of them. 
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“The Semantic Web is about 
getting computers to under- 
stand content. U-forms are 
giving human beings more 
power in working with sys- 
tems and content,” he adds. 

“The technical break- 
through we’ve made is sepa- 
rating the information from 
the visualization and manipu- 
lation,” says Maya’s Lucas. He 
foresees a world of peer-to- 
peer “civic computing” in 
which virtually all public in- 
formation is stored in u-forms 
in a public “information com- 
mons” that’s easily usable by 
anyone, anytime. Maya refers 
to this vision as the Civium 
(Latin for “of the people”) 
Project. 

“Instead of using peer-to- 
peer to steal music, let’s liber- 
ate all accumulated public- 
domain data and create a vast 
information space to make it 
freely available,” Lucas says. 

Pittsburgh Green Map 
(www.greenmap.org), an inter- 
active service for locating en- 
vironmental, recreational and 
other “green” assets in west- 
ern Pennsylvania, serves as a 
prototype of Lucas’ vision. De- 
veloped in conjunction with 3 
Rivers Connect, a Pittsburgh- 
based nonprofit environmen- 
tal group, the service encom- 
passes data from geographic 
information systems and other 
types of data from various 
public databases using differ- 
ent schemas and formats. This 
data has been converted to 

| u-forms and is virtually locat- 
ed in an “information space,” 
which is accessed via a “geo- 
browser” application devel- 
oped by Maya. 

Lucas says this technology 
is about as mature as the Web 
| was in 199]. “It seems as good 

an assumption as any that it 
will follow a similar curve and 
take about as long,” Lucas 
says. “That would mean that it 
will be actually useful to large 
| numbers of people within a 
| few years and will be on the 
cover of Time in about five 
years.” D 


| COLLABORATE T0 SIMPLIFY 
| To see how Maya uses collaboration to 

| conquer complexity, visit our Web site 

| 

! 
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Corporation Caught 
In the Cross Hairs 


A focused e-mail attack sends our worried 
security manager scrambling to track 
down the source. By Vince Tuesday 


Y COMPANY deals 
with large electronic 
financial transac- 
tions on a regular ba- 
sis, and I worry that this 
makes us the perfect target for 
a focused attack on our net- 
works. This issue had been a 
theoretical one for me, howev- 
er, until last week. 

We do receive a 
great many attacks, 
but we aren’t being 
singled out: Many 
other companies are 
being targeted at the JOUR 
same time. This leads 
me to conclude that 
either the attackers are taking 
the approach of targeting as 
many companies as possible 
with the same assaults and 
seeing which ones work, or 
there is so much noise in our 
monitoring logs that any tar- 
geted attacks are lost amid 
the chaos. 

I have been reassured by 
how widespread the attacks 
have been. They show that we 
don't need to be totally secure 
— just more secure than most 
companies. This goal is a lot 
cheaper and easier to achieve 
than perfect security, but it’s 
only safe if no one is targeting 
us. If we are the target of a fo- 
cused attack, hackers will 
keep coming back with new 
approaches until they find one 
that works. 


Fairy Tale Attack 

We have outsourced our 
e-mail monitoring to New 
York-based Messagelabs Inc., 
which offers us a guarantee 
that no malicious code will get 
past its defenses. To back up 
that claim, it’s admirably para- 


noid. The company’s statistics 
show that about one in 270 of 
our e-mails contains a virus. 
Last week, we saw a surge of 
suspicious e-mails. Normally, 


| this signals a big virus out- 
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break, but there was no men- 
tion of this on any of the an- 
tivirus Web sites. The mali- 
cious code Messagelabs 
stopped was simply 
characterized as 
“Possible new Trojan 
software detected.” 
Whoever was 
sending these 
e-mails was using a 
“Rumpelstiltskin at- 
tack.” In this type of attack, 
which gets its name from the 
fairy tale about a queen who 
must turn her first-born child 
over to Rumpelstiltskin unless 


| she can guess his name, the at- 


tacker tries to guess e-mail ad- 
dress names by taking a list of 
common names, combining 


| them with possible first and 


last initials and sending them 


| to an e-mail server. 


I wasn’t too worried about 
the general attack, but in the 


| middle of all those attempts, 


the attacker had sprinkled in 
real e-mail addresses of staff 
members. It was clear that 


This attacker had a list 
of about 200 of our 
employees’ e-mail ac- 
count names. Perhaps 
someone internal had 
leaked the list? 





this attacker had a list of 
about 200 of our employees’ 
e-mail account names. Per- 


| haps someone internal had 


leaked the list? 

The address list was clearly 
an old one, because many of 
the people on it had left the 
company. But if the attacker 
had bothered to get a list of 
real addresses for our compa- 
ny, even out-of-date ones, then 
surely this couldn’t be a ran- 
dom probe. It had to be target- 
ed directly at us. 


Attacker Could Return 


I wasn’t worried by the first 
approach: Trojan horse exe- 
cutables in e-mails are a low 
risk thanks to our defenses. 
However, if an attacker was 
willing to put the effort into 
picking us out of all the pos- 
sible targets and writing a 
new Trojan horse for his at- 
tack, then he was unlikely to 
give up once he realized his 
e-mail attack had failed. He 
would be back, but with Inter- 
net Relay Chat, Web or in- 
stant messaging distribution 
of his software. And if our 
desktops weren’t as paranoid 
as Messagelabs, his attack just 
might work. 

I asked Messagelabs to send 
my team and me a copy of the 
code so we could analyze it. 
Then I checked the news- 
groups. Lots of people were 
being probed in this way, but 
only by spammers. Nobody 
was reporting attempts to 
sneak Trojan horse code in by 
this method. 

I examined the executable. 
The code included a series of 
addresses, and when it was 
run, the program would con- 
nect to a Web site and pull 
down more code. I asked Mes- 
sagelabs to investigate it fur- 
ther and then checked out the 
Web address. 





I found it mentioned in a 
few postings, but these were 
advertising a porn dialer, a 
Trojan horse tool that alters 
your dial-up Internet connec- 
tion to call a premium-rate 
phone number in a foreign 
ceuntry, secretly running up a 
huge phone bill. 

Then Messagelabs contact- 
ed us to say that it had identi- 
fied the software as something 
called TROJ_DIALER.B, and 
we were able to back down 
to a more relaxed state. It 
seems that this wasn’t the first 


| wave of a targeted attack but 


rather the act of a zealous 
spammer. Over the next few 
days, other companies report- 
ed the same probing. 

So as it turns out, we 
weren't the only target; we 
were just “lucky” enough to be 
early on the list of what 
turned out to be a large num- 
ber of targets. 

But I’m still left with a nag- 
ging doubt. What if the only 
attacks we detect in all the 
noise are those that aren’t tar- 
geted? If an attacker can’t be 
bothered to aim at a target, it 
seems more likely that he will 
make less effort to hide his at- 


| tacks. Could there be attacks 


that are targeted but stealthy 
enough to escape detection? 

It is all a moot point, howev- 
er, because to get the funds re- 
quired to perfect security, I'll 
need evidence of the targeted 
attacks that I can’t detect amid 
all the other events. D 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 
for obvious reasons. Contact him at vince. 
tuesday@hushmail.com, or join the dis- 
cussion in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
@ computerworld.com/secjournal 





www.computerworld.com 


rity. I didn’t think they would 
be of much use, because 
they all seem obvious. For ex- 
ample, his rule of the threefold 
process states that security 
doesn't stop at implementa- 
tion but must also cover moni- 
toring and maintenance. But 
he has captured an elegant 
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and Save the Day are either trade 


What day is it? Sunday? 


I’m only 9 hours into a 32 hour backup. 


That's just too long. 


It’s up to me to shorten it. 


Save the day. 


There are plenty of ways to shorten backup windows. And StorageTek is just the company to find the one that’s right 
for you. Maybe it’s BladeStore as part of disk-to-disk backup, or an L-Series automated tape library with our superfast 


tape drive - the T9940B. Whatever the solution, we think you deserve a day of rest. Learn more about this story and 


BladeStore 


other ways we can help you at www.savetheday.com qe > STORAGETEK’ Save the Day” 
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XOsoft Upgrades 
Data Rewinder 


New York-based XOsoft Inc. last 
week announced Version 3.5 of 
its Data Rewinder software for 
disaster recovery. The software 
allows storage administrators to 
“undo” application and database 
server corruption, according to 
XOsoft. The standard version of 
Data Rewinder is priced at $995, 
and the advanced edition costs 
$2,395. 


Concord Releases 
EHealth Suite v5.6 


Concord Communications Inc. in 
Marlboro, Mass., announced Ver- 
sion 5.6 of its eHealth Suite. The 
new release provides an embed- 
ded Oracle database, expanded 
foreign language support and 
faster deployment capabilities, 
the company said. Pricing starts 
at $100,000. 


Mind Electric Java 


Platform Updated 


The Mind Etectric Inc. in Addison, 
Texas, last week announced Ver- 
sion 4.1 of its Java-based Web 
services runtime platform. New 
features include support for the 
SOAP 1.2 standard and a plug-in 
for Borland Software Corp.’s 


JBuilder tool. The standard, entry- 


level edition of the product is free 
for most commercial uses. The 
professional edition sells for 
$2,000 per CPU. 


CommVault Beefs 


Up QiNetix Platform | 


CommVault Systems inc. in 
Oceanport, N.J., announced that 
it’s adding a component to its 
QiNetix Storage Management 
Platform. QiNetix QNet will as- 
sess an application’s storage con- 
sumption by correlating how the 
application and changing data 
management policies affect the 
storage architecture. Pricing 
starts at $1,000 or $1,500 per 
backup server or production host, 
depending on the configuration. 


| 
| 
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Bracing for 
New Privacy 


NE WOULD THINK THAT, some eight 
years into the Internet age, enlightened 
self-interest would have motivated finan- 
cial services and e-commerce vendors 

to put a higher value on maintaining the 


integrity of customer data. 
But companies’ seeming in- 
ability to follow a consistent 
and reliable security model 
for the use of customer data, 
and the secretive approach 
taken to handling credit 
card security breaches, have 
helped create a consumer 
backlash — and a torrent of 
state and federal legislation. 
The latest regulatory sal- 
vo, California Senate Bill 
1386 (SB 1386), becomes law 
July 1, and more regulations 
are coming. The law requires companies 
to disclose any compromise of customer 
data to every affected consumer residing 
in California within 48 hours. And if you 
don’t have up-to-date contact informa- 
tion for those consumers, you must post 
a notification on your Web site — the 
e-commerce equivalent of a scarlet letter. 
Financial services companies worry 
that the negative publicity associated 
with disclosing data compromises 
could wreak havoc with consumer con- 
fidence in both e-commerce and the 
financial services industry. Consumer 
fears have been fueled by a string of 
high-profile data losses, including the 
compromise of some 8 million credit 
card numbers at card processor Data 
Processors International Inc. (DPI) last 
February. Most of the affected card as- 
sociations’ member banks didn’t notify 
affected customers, despite the possi- 
bility that those numbers could be used 
in conjunction with so-called skip-trace 
database services online to gain enough 
information for identity theft. 
E-commerce vendors, left in the dark 
about which card numbers were affect- 
ed, had to make doubly sure they were 





checking card verification 
codes to protect themselves 
against chargebacks. Fear of 
negative publicity has kept 
the issue under wraps. Fear 
of legal penalties and law- 
suits under new laws will 
now push the issue to the 
forefront as never before. 
In the case of credit card 
number theft, card associa- 
tions do provide security 
guidelines to merchants 
and banks, but not all orga- 
nizations abide by them, 
says Julie Fergerson, chairman of the 
Merchant Risk Council in New York. “If 
DPI had done the [MasterCard] Site 
Data Protection program ...the break- 
in never would have occurred,” she 
says. Now legislatures have stepped in 
to enforce change. 
That leaves IT professionals to strug- 
gle with the intricacies SB 1386 and simi- 


| lar federal legislation, called the Data- 


base Security Breach Notification Act, 
that Sen. Dianne Feinstein (D-Calif) in- 
troduced last week. Bills pending in the 
Senate include the Social Security Num- 
ber Misuse Prevention Act and the Pri- 


| vacy Act, which prohibit the display, sale 


or purchase of Social Security numbers 
and other personally identifiable infor- 
mation without the consumer’s permis- 
sion. Another bill, the Identify Theft Pre- 
vention Act, would prohibit the printing 
of full credit card numbers on receipts. 
Ever aware of a sales opportunity, IT 
security vendors are madly waving red 
flags, hoping to cash in on the SB 1386 
bonanza. Since this law exempts data 
that’s encrypted from the disclosure 
rules, storage security vendors like Kas- 
ten Chase Applied Research Inc. are 
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trumpeting the risks of network storage 
— and promoting PKI-based authenti- 
cation and encryption at the storage de- 
vice level for “at rest” data. But encrypt- 
ing stored data isn’t as easy as vendors 
make it sound. “It breaks a lot of index- 
ing and backup schemes,” says John 
Pescatore, an analyst at Gartner Inc. 
Encryption also doesn’t protect com- 
panies from insider attacks, which ana- 
lysts say are at least as common as ex- 
ternal threats. Liquid Machines Inc. in 
Lexington, Mass., extends encryption to 
data retrieved in queries. Policies set in 
Active Directory or another LDAP- 
compliant directory service control 
user access; results can be pasted into 
and viewed locally within supported 
applications such as Excel and Word. 
All usage is centrally monitored. 
Another start-up, San Francisco- 
based Vontu Inc., offers a surveillance 
tool to help monitor access to sensitive 
data and “quarantine” it when issues 
arise, while Cupertino, Calif.-based 
StrongAuth Inc. offers compliance man- 
agement and SB 1386 policy templates. 
Such technologies can provide tactical 
support, but do you need them? Organi- 
zations with well-designed security poli- 
cies and infrastructures will probably 
exceed the legal hurdles these rules set, 
analysts say, although compliance-moni- 
toring tools may also be needed. And 
every organization handling sensitive 
consumer data should be using encryp- 
tion. Implementing that is no picnic, and 
that’s where vendors could be of help. 
“The product vendors should focus 
on making it easier, not on trying to 
drum up fear, uncertainty and doubt 
with every new law that comes along,” 
says Pescatore. Fortunately, vendors 
seem eager to rise to that challenge. D 
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Here are just a few privacy regulations coming your way: 
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OPINION 


SarbOx: Where IT 

and Finance Meet 

CIOs need to jump in and figure 
out how to meet the looming 
requirements, says columnist 
Norbert J. Kubilus. Page 44 


Managing the 
Temporary Players 
A Web-based workforce 
management system 

lets Shell Oil improve 
the way it contracts for 
temporary help. Page 42 


Wanted: Security Tag Team 
IT and engineering must join to 
secure dangerously vulnerable 
process networks, like at Du Pont, 
where Tom Good (left) has been 
leading the effort to protect such 
systems. Page 38 





ANOTHER 


HE IT DEPARTMENT at Ahold 
Information Services in Green- 
ville, S.C., has been working for 
years toward a deadline that’s 
little known outside the retail world. 


“We began designing data warehous- | 


es and new projects three, four, even 
five years ago with this in mind,” says 
Ed Gropp, chief business and technol- 
ogy officer at the subsidiary of Ahold 
USA Inc., which operates U.S. super- 
markets including the Stop & Shop and 
Giant Food chains. The company is 
“fairly well along,” Gropp says, and 
he’s confident Ahold will be ready. 

But others in the retail industry are 
less prepared. 


The dust has barely settled over Y2k, 


and there’s another technology dead- 
line approaching. Sunrise 2005 is the 
Uniform Code Council Inc.’s (UCC) 
mandate by which all U.S. manufactur- 
ers, distributors and retailers must be 
able to process new, longer product 


» Well 


says the food retailer has prepared for UPC remediation ls NY Lee 


codes by 2005. Like Y2k, this is a busi- 
ness issue that involves database field 

| formats, so responsibility falls heavily 

| on IT. Like Y2k, it’s a seemingly simple 
task that becomes more complex as 
you get more involved. And like Y2k, 
it leaves most retailers with no choice 
but to comply. 


A Globalization Issue 
Sunrise 2005 is essentially about nu- 
merical limits and globalization. In the 
1990s, the Lawrenceville, N.J.-based 
UCC, which assigns the 12-digit uni- 
versal product codes (UPC), deter- 
| mined that the numbers would even- 
| tually run out if more digits weren't 
added. The council notified retailers 
in 1997 that as of Jan. 1, 2005, it would 
introduce 13-digit UPCs and that they 
would have to be able to process them. 
Sunrise 2005 is also a step toward 
global synchronization of retail data, 
which is expected to cut precious time 





ohades of Y2k: U.S. retailers must 
update their systems to handle 
longer bar codes by Jan. 1, 2005. 


BY KATHLEEN MELYMUKA 


and billions of dollars out of the supply 
chain. Current UPCs conflict with the 
eight- to 13-digit European Article Num- 


frequency identification (RFID). 
Although Sunrise 2005 also affects 
manufacturers, the bigger issue is for 





bering (EAN) codes used throughout 


the rest of the world. 


When foreign products are traded 

| here, they must be relabeled so that 

| U.S. 12-digit systems can read them, a 
time-consuming, expensive and error- 
prone effort. This relabeling will end 

| in 2005. 


A final twist: Sunrise 


| 2005 requires that U.S. 


retailers be able to 


| process 13 digits, but the 
| UCC recommends that 


they process 14 digits. 
That’s because 14-digit 


| codes will be required 


for global synchroniza- 
tion as well as emerging 
supply chain tools such 
as reduced space sym- 
bology (RSS) and radio- 


retailers, says Pam Stegeman, vice 


president of supply chain and tech- 


WHAT IS IT? 


‘alaL’ 


Bees m eee eet a} 
et eR URS MLL TLE ae 
turers, distributors and retail- 
ers be able to process 13-digit 
product codes by Jan. 1, 
2005. (The current U.S. stan- 
Crt eae CML ke ee 
ome BU are i Ue} 
move to 14-digit codes. 


nology at Grocery Manufacturers of 
America Inc. in Washington. Manufac- 
turers won't need to change UPCs on 
existing products, and their back-end 

| systems can already process 14-digit 


codes, which are often 
used on packing crates. 
Many retailers with 
large volumes of inter- 
national trade have 
been processing EAN 
code for years. “Wal- 
Mart is compliant and 
has been for several 
years,” says Linda Dill- 
man, CIO at Wal-Mart 
Stores Inc. “Because we 
have global systems, 
which means the same 
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What’s in It for You? 


According to the Global Commerce Ini- 
tiative, an organization of retailers, man- 
ufacturers and the UCC and EAN Interna- 
tional, Sunrise 2005 compliance can 
bring productivity improvements of 19% 
to 3% in supply chain costs, improving 
the bottom line by 10% to 15% per year. 
Specifically, the group says Sunrise 
2005 will: 

@ Eliminate costs associated with 
correcting inaccurate information. 

@ Automate more tasks. 

@ Serve customers better through a 
wider variety of product sources. 

@ Support food-safety initiatives by 
better identification and tracing of 
tainted products. 

@ improve trading partner relation- 
ships through better communication. 

@ Reduce product introduction time. 

The sooner your company gets with 


applications support all of our opera- 
tions in other countries, we have sup- 
ported a 13-, 14-digit product code 
since the mid-’90s.” 

The Navy Exchange Service Com- 
mand is also ready. “We are an interna- 
tional retailer, so we already deal with 
13-digit EAN codes, and our system 
will support 14,” says Bill Finefield, re- 
tiring CIO at the Virginia Beach retail- 
er for Navy bases and ships. Because 
many software vendors cater to inter- 
national companies, all his systems 


the program, the sooner you begin to 
benefit. “There are benefits to getting 
done early,” says Patrick Walsh, director 
of industry relations at the Food Manu- 
facturing Institute. “You get an edge on 
the competition in product assortment 
and the ability to accelerate e-commerce 
business applications” using emerging 
tools such as RSS and RFID. 

Christine Overby, a senior analyst at 
Forrester Research Inc., agrees. “Firms 
that get an early start sharing clean data 
with their trading partners will use money 
formerly wasted on inefficient processes 
to seed investments in new technology 
innovations like RFID,” she says. “These 
first movers will distance themselves 
from the pack as these new investments 
further reduce inefficiencies while im- 
proving customer-service levels.” 

~ Kathleen Melymuka 


“This is not a Y2k in any way, shape 


| or form,” says Gropp. “Companies are 


not going out of business if this doesn’t 
get done.” 

“It won’t cause systems to crash,” 
Garton explains. “You can still do busi- 
ness, though you may have to recon- 
struct data and fix problems.” 

Huge point-of-sale problems aren’t 
anticipated, because scanners built 
since the mid-1980s can al- 
ready process 13-digit 
codes. The trouble will 
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show up in unexpected places. For 
example, product codes are used inter- 
nally in financial systems and external- 
ly with suppliers of materials and 
packaging, distributors, and logistics 
services. “It’s messy,” says Gropp. 
“These numbers show up in almost 
every report, every screen, every file 
you process.” 

Gropp has integrated the Sunrise 
2005 remediation into virtually every 
IT project for years. “It’s not one thing; 
it’s a piece of a lot of other projects,” 
he says. “Every time we get into a sys- 
tem or we’re designing a new applica- 
tion, we make sure that it can process 
the codes,” he explains. “If we’re up- 
dating a purchasing application, we in- 
corporate this into it.” 


More Hurdles 

Finding the code is one challenge, but 
there are others. Under the current 
UPC system, the first half of the num- 
ber is a vendor ID, the second half is a 
product ID. The code as a whole is 
supposed to be “nonintelligent,” signi- 
fying nothing except a unique product. 
But some retailers have been “parsing” 
the code, using the first six digits as a 
vendor reference code to point to their 
internal data on that vendor. Parsing 
the code in this way will no longer 
work. Because EAN codes and new 
UPC codes will have vendor numbers 
up to 10 digits in length, the first six 
digits will no longer be unique. 

If retailers want to use the number 
as a vendor reference, they 
will need to use the entire 
number, Garton says. 
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Sunrise 2005 
Compliance 


Retailers were asked whether they could 
support the following product codes today: 


13 DIGITS 
IN STORE SYSTEMS 


13.DIGITS 
eee aia 


13 DIGITS 
IN STORE SYSTEMS 


13 DIGITS 
eae ait 


13 DIGITS 
IN STORE SYSTEMS 


13 DIGITS 
eae ate 


or Sa) (C NES) 
IN STORE SYSTEMS 


SPICES 
eat 


Paar 2) (Cb BS) 
IN STORE SYSTEMS 


14 DIGITS 
IN E-COMMERCE 


rnivcec 
VJNEO 


14 DIGITS 
IN STORE SYSTEMS 


14 DIGITS 
Una ete 


Terms you need to know to 
understand the global move 
to longer retail bar codes: 


QuickLink 39125 


“But the tougher part is 
how people have entire 
systems built on this,” he 
says. “I believe this [prob- 


arise if larger codes are 
incompatible with back- 
end databases. 


were built to be compliant with inter- 
national standards, he says. 


Alan Garton, director of channel 
BASE: Survey of 60 large North American retailers. 


management for general merchandise 
at the UCC, says that a large percent- 
age of traditional department stores 
and mass retailers are already compli- 
ant. “Big-box” retailers of appliances 
and electronics are a “mixed bag,” he 
says. Some are ready; others still have 
work to do. 

But grocery retailers are lagging 
because many have older systems 
that were set up in the 1970s and 
’°80s. Among grocers, global retailers 
like Ahold tend to be working on re- 
mediation, and national chains are at 
least gearing up, says Patrick Walsh, 
director of industry relations at the 
Food Marketing Institute in Washing- 
ton. “The challenge is whether the 
wholesale community and small, inde- 
pendent operators will be prepared,” 
he says. 

Failure to comply isn’t seen as po- 
tentially catastrophic — just unwise. 





“Even if point-of-sale 
scanners can read the bar 
code, you won’t be able to process the 


| data as a result of the scan,” says Chris 


Sellers, a Chicago-based retail consul- 

tant at Electronic Data Systems Corp. 
In other words, you may be able to 

sell an item to a customer, but your in- 


| ventory systems won't know it’s gone, 


your stocking system won't reorder, 


| and your revenue systems won’t 
| record the sale. The trouble this could 


cause will depend on the volume of 
non-U.S. items and new items with 


| 13-digit UPCs that you trade. 


Remediation, Again 


| Sunrise 2005 is like Y2k in that retail- 


ers have to hunt down and expand 
numeric fields in their databases. But 
it’s also different. “It’s not a date field, 
which is relatively discreet and easy to 


| find,” Sellers notes. And the code can 
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lem] is bigger than most 
people are admitting.” 

For companies that have yet to begin 
remediation, the time and effort in- 
volved will depend on their size, the 
state of their technology and whether 
they have been parsing code. EDS’s Sun- 
rise 2005 services for large companies 
include a four- to six-week assessment 
and a three- to nine-month remediation. 

The current economic doldrums and 
enduring Y2k fatigue among execu- 
tives make this a difficult time to gar- 
ner enthusiasm for another IT dead- 
line. Gropp says that among his peers, 
other priorities have often taken prece- 
dence. “They say, ‘I’ve got other proj- 
ects with higher return,’ ” he says. 

You can put Sunrise 2005 on your 
company’s radar by accentuating the 
positive, Sellers says. “You don’t want 
to say, ‘We have to do this,’” he ex- 
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plains. “You want to say, ‘Here are the 
benefits.’ ” (See “What’s in It for You?”) 
Sunrise 2005 is a voluntary deadline, 
but if you deal in a large volume of 
non-U.S. or new products or you share 
data electronically with suppliers, it 
should be a priority. “If you want good 
customer service and you want to 
share standardized data, you have to 
do this,” Garton says. Finefield agrees. 
“We learned years ago that the best 
thing you can do is be standards- 
compliant,” he says. “Typically, retail- 
ers wait too long and then hurry to 
catch up. If it’s going to impact your 
business, you need to do it.” D 





Melymuka is a Computerworld 
contributing writer. Contact her at 
kmelymuka@yahoo.com. 
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Business Intelligence? 


Computerwerld’s IT Executive Summit 
Has the Answers 
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apply to attend one of Computerworld’s upcoming 
complimeniery one-day summits on Business Intelligence. 


Neither a product nor a system, Business Intelligence (BI) is 
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SECURITY TAG TEAM 


IT and engineering must work together to secure dangerously 


vulnerable process networks. By Mathew Schwartz 


HEN AN EMPLOYEE 
from an Australian 
company that makes 
manufacturing soft- 
ware got fired in early 
2000, he applied for a 
job with the local gov- 
ernment, but was 
turned down. In retaliation, he got a 
radio transmitter, went to a nearby 
hotel where there was a sewage valve, 
and used the radio to hack into the 
local government’s computerized 
waste management system. 

Using software from his former em- 
ployer, he released millions of gallons 
of raw sewage near the hotel grounds 
and into rivers and parks. 

“He did this 46 times before he was 
caught,” notes Joe Weiss, a process- 
control cybersecurity expert and con- 
sultant at the Cupertino, Calif., office 
of Kema Consulting. “The first 26 
[times], they didn’t even know it was 
cyber,” meaning an external attack 
launched using a computer, he says. 
“From 20 to 45, they finally figured it 
was cyber, but they didn’t catch him 
until 46.” Though this person never 
worked for the wastewater utility, he 
was still able to break into its supervi- 





sory control and data acquisition sys- 
tem, which was designed with a big se- 
curity assumption in mind — that only 
insiders would want to access it. 
Hundreds of thousands of similar 
process systems and networks used in 
dozens of industries worldwide remain 
dangerously vulnerable. And like it or 
not, IT managers need to address this 
problem despite three enormous chal- 
lenges: the traditional barriers be- 
tween IT and the engineers who typi- 
cally run process networks, the highly 


| customized nature of process applica- 


tions, and the lack of security software 
for process applications and networks. 
Historically, IT has had little, if any- 
thing, to do with process-control sys- 
tems, because they run reliably and 
rarely crash. Instead, IT focused strict- 
ly on corporate data networks. But that 
needs to change, experts say. 
Process-control networks are to 
manufacturing environments what IT 
is to an office — endemic. For exam- 
ple, more than 2,400 oil, natural gas 
and chemical companies in the U.S. 
employ process-control networks in 
their manufacturing systems. Other 
heavy users of process networks in- 
Continued on page 40 
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See old and new become one. 
See bits of data become insight. 
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Continued from page 38 

clude the power, water, food, drug, au- 
tomobile, metal, mining and manufac- 
turing industries. 

For example, process networks in 
the chemical industry control chemi- 
cal-making equipment and monitor 
sensors. If anything goes wrong, such 
networks react by adjusting the envi- 
ronment in predefined ways, such as 
shutting off gas flow to prevent leaks 
or explosions. 

One company that’s taking process 
network security seriously and involv- 
ing IT is Du Pont Co. in Wilmington, 
Del. Tom Good, a project engineer at 
the chemical manufacturer, has been 
leading its 20-month-old effort to cate 
gorize and reduce its process-control 
system vulnerabilities. 

Du Pont’s philosophy for dealing 
with this problem, he says, is that “on 
all of our critical manufacturing proc- 
esses, we are either going to totally 
isolate our process systems from our 
business systems by not connecting 
our networks, or we’re going to put in 
firewalls to control access.” 

To tackle process-control network 
security, Good says Du Pont formed a 
team made up of IT staffers, who un- 
derstand networks and cybersecurity; 
process-control engineers, who under- 
stand the process-control equipment; 
and manufacturing employees, who 
understand manufacturing risks and 
vulnerabilities. 

To give the three groups visibility, 
each reports to a separate member of 
a committee that’s leading the effort. 
The team first discerned which control 
devices are critical to manufacturing, 
safety and continuity of production. 
Then the team identified the assets of 
each — hardware, data, software appli- 
cations — and researched relevant vul- 
nerabilities. Only then did it begin the 
arduous task of testing fixes and work- 
arounds to see which ones might work 
for which machines. 

Even in a manufacturing environ- 
ment that uses similar process-control 
hardware and software, precise vulner- 
abilities differ by environment. “Deal- 
ing with, say, a water treatment proc- 
ess on effluent out of a plant is consid- 
erably different than dealing with a 
production operation, where you 
might be dealing with vessels under 
high-temperature and high-pressure 
conditions,” says Good. 

On the basis of its research, the team 
is also deciding how to separate net- 
works and where process-control fire- 
wall appliances should go. High-end 
enterprise firewalls aren’t required; 
each process network supports only 10 
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| to 50 users. “The greater cost is in the 


network equipment and re-engineer- 
ing activities to separate networks and 
place critical process-control devices 


| together on the clean side of the fire- 
| wall,” says Good. “The challenge is to 


accomplish these tasks on online con- 
trol systems while keeping the process 
running.” 


The Challenge 


Until about 15 years ago, most process- 


| control networks were secure because 


they were extremely proprietary. Then 
customers demanded léss expensive 
front ends and TCP/IP networking. 


Such networking opened up process- 


HOW 106 


Understand and acknowledge 
that there’s a problem. For IT 
managers, “one of the biggest 
things is literally just understanding” 
the issues, says Kema’s Joe Weiss. 
Mitigate the IT/engineering cul- 
ture clash. “One approach that 
can be taken is just awareness - 
sitting down with the right folks on the 
manufacturing side, taking them out for 
lunch and sharing with them your infor- 
mation security strategies. Having that 
dialogue, that’s where it begins,” says 
Dow Chemicals Theresa Grant. 
Work on cross-functional 
teams. IT needs to “work with op- 
erations cn a day-to-day basis” to 
really understand process systems, 


control systems to common vulnera- 
bilities, then the Internet, yet the un- 
derlying systems weren’t strengthened 
to make up the security difference. 
The methods IT uses to secure data 
networks can’t be used to quickly se- 
cure control systems. Every compo- 
nent can have multiple critical func- 
tions. For example, at a refinery, vari- 
ous sensors help ensure safety when 
filling tankers — whether there’s a 
truck beneath the filler, whether 
there’s gas available. If the truck’s 
tanker reads full or the truck moves 


| away, the process must interrupt. 


Process-control hardware is also dif- 
ficult to secure. Application custom- 
ization is so rife that it’s impossible to 
run antivirus software on some PCs 
and Unix boxes, says Kris Zupan, CEO 
and chief technology officer at e-DMZ 
Security LLC, also in Wilmington. 





Likewise, patching the operating sys- 
tem can require rewriting the applica- 
tion. In the rare cases when applica- 
tions can be patched, shutting down 
the always-on machines is costly — 
and a patch might have unintended ef- 
fects and compromise production. 

Other information security tools 
don’t work well in these environments 
either; for example, complicated pass- 
words can slow access in an emer- 


| gency. As a result, every machine of a 


particular type worldwide may have 
the same password. In other words, 
anyone who has ever used one type of 
machine theoretically has access to all 
machines of that type. 


STARTED 


what is really applicable to these types 
of systems and what is needed to im- 
prove their security, says Weiss. 


Get your CIO involved. Engi- 

neers report to the vice president 

of operations or manufacturing; IT 
reports to the CIO. They're in different 
silos. Those two need to talk, along 
with the heads of risk management 
and physical security. 


Foster a leadership group. 

Dow created a global information 

management team with represen- 
tatives from all work processes to 
share information and challenges that 
other lines of business might not un- 
derstand. 

- Mathew Schwartz 


IT managers everywhere will have 
to learn that safety in process control 
is paramount. That’s a switch. IT’s tra- 
ditional goal is “data confidentiality, 
data integrity and data availability,” 
says Theresa Grant, director of infor- 
mation security at The Dow Chemical 
Co. in Midland, Mich. “However, in the 
process-control arena, the very first 
objective is safety, the second is safety, 
and the third is operational integrity.” 
If certain systems fail, people can die. 

To help companies assess and reme- 
diate process-control vulnerabilities, 
various initiatives are under way. The 
Instrumentation, Systems and Auto- 
mation Society, a Research Triangle 
Park, N.C.-based standards body, is de- 
veloping best practices for securing 
process-control networks. 

Various organizations, including pe- 
troleum and chemical trade associa- 








www.computerworld.com 


tions, have commissioned studies to 
find best security practices for their in- 
dustries. Studies in hand, they hope to 
persuade each industry to implement 
security best practices. 

Another initiative, at least at Du 
Pont, is to get Microsoft Corp. to better 
detail its patch practices. Good says 
too much time is spent testing patches 
to make sure they work with the 
process-control applications, when in 
many cases, the patch might not even 
be applicable. 

Du Pont sat down with Microsoft 
representatives and “exposed them to 
our world of safety — where any safety 
incident is unacceptable,” says Good. 
“T don’t know where the awareness- 
building will lead. If Microsoft mea- 
sures what it’s doing as ‘better’ be- 
cause it had 200 fixes this year vs. 250 
fixes last year, there’s obviously a gap 
in meeting the level of performance 
that is important to our industry.” 

The more realistic solution is for IT 
and engineering departments to coop- 
erate on the problem. For example, IT 
knows how to better secure things — 
“change management, release manage- 
ment, providing things of that nature,” 
says Dow’s Grant. Engineers under- 
stand process-control intricacies. 

Hence, any fix-it team needs both 
kinds of experts, as well as anyone else 
with a stake — manufacturing, supply 
chain — to help explain what touches 
what. That team would map comput- 
ers, processes and networks and test 
where security can be applied. It’s 
exacting work, warns Zupan: “If you 
modify the controlling system, it can 
produce hazards that not even the 
designers predicted.” 

The irony, of course, is that compa- 
nies demanded off-the-shelf compo- 
nents, and now they’re paying the 
security price. Network separation is 
likewise no simple panacea. “It’s been 
there in limited fashion [before], but a 
lot of times, there’s a lot of back doors 
and a lot of Web front ends that need 
to be protected as well,” says Michael 
Rasmussen, an analyst at Forrester 
Research Inc. 

Process-control hardware can have 
a life span of 15 years. No doubt, some 
security vulnerabilities will remain as 
long as current hardware remains in 
use. By tackling the greatest risks, 
however, companies can help mini- 
mize their process-control system vul- 
nerabilities and better secure manufac- 
turing environments. D 


Schwartz is a freelance writer in 
Somerville, Mass. He can be reached 
at Mat@Penandcamera.com. 
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shell uses a Web-based system to reduce | 
the costs and headaches of procuring 
short-term labor. BY THOMAS HOFFMAN 


IKE OTHER BIG, geographically 

dispersed companies, Shell 

Oil Products US spent a lot 

of money on temporary con- 

tract labor to fill short-term 
requirements for everything from ac- 
counting to IT consulting. 

But while the Houston-based sub- 
sidiary of Shell Oil Co. still spends 
nearly $100 million annually for con- 
tract labor, it now takes a more cost- 
effective approach, thanks to its imple- 
mentation late last year of a contingent 
workforce management system. 

The Web-based system from Denver- 
based IQNavigator Inc. helps Shell Oil 
Products automate its contingent work- 
force management processes, includ- 





| nology International Group — an IT 


ing supplier qualification, requests for 
proposals, time-and-expense entries 
and invoicing. 

Prior to the initiative, functional and 
business departments throughout Shell 
Oil Products applied a hodgepodge of 
manual processes to manage tempo- 
rary and contract labor, says Kim 
Chapman, team leader for the contin- 
gent workforce management project. 
“We were spending quite a bit of mon- 
ey, and the team was charged with 
looking at how we could reduce our 
spending” through improved sourcing 
and better rates, says Chapman. 

The team, which included represen- 
tatives from Shell Information Tech- 





| services arm that supports multiple 


Shell divisions — set a goal of reducing 
contingent workforce spending by 8% 
annually. Thanks to the use of IQNavi- 
gator, a set of process improvements 
and a reduction in the number of labor 
suppliers it worked with, Shell Oil 
Products was able to surpass its annual 
cost savings target in less than two 
months. 

Reducing the number of contingent 
labor suppliers was one of the first 
steps. For instance, Shell Oil Products 
had been working with more than 20 
suppliers of temporary administrative 
personnel, says Chapman. But it’s 
now working with just four preferred 
suppliers. 

By consolidating, Shell Oil Products 
is in a better position to negotiate la- 
bor rates, and there are fewer supplier 
relationships to manage. The consoli- 
dation, as well as automation and 
process improvements, lets Shell 


| Oil Products get volume and early- 


payment discounts from its labor sup- 
pliers. By virtue of these discounts, 
the company has cut its payments to 
new contractors by an average of 28%, 
Chapman says. 

The labor vendors like it, too, be- 
cause it means they can become pre- 
ferred providers for all of the divisions 
of the company, not just one or two. 

“Tt’s a vendor’s dream. It’s still up to 
you to perform, but now you won't be 
limited” in the number of corporate di- 
visions you can work with, says Pam- 
ela O’Rourke, president of Icon Infor- 
mation Consultants LP, one of the pre- 
ferred consultants that Shell Oil Prod- 
ucts taps for temporary labor. 


Getting Suppliers to Pay 

One reason Shell Oil Products has got- 
ten such swift returns on its invest- 
ment is that it’s not paying for IQNavi- 
gator. The software is paid for by labor 
suppliers such as Icon Information. 

Having suppliers pay access fees for 
contingent workforce management 
software “has become the norm in the 
industry,” says O’Rourke. She points to 
similar arrangements Icon has with J.P. 
Morgan Chase & Co. and Waste Man- 
agement Inc., where system access fees 
typically range from 3% to 5% of an in- 
voice, she says. 

A Gartner Inc. report last year la- 
beled IQNavigator a “trendsetter” in 
this market niche and said the compa- 
ny had an impressive lineup of large 
customers. But while the use of con- 
tingent workforce management sys- 


| tems might be gaining traction in the 


U.S., it hasn’t drawn much interest in 
Europe, notes Wolfgang Bernhart, a 
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SHELL OIL 
PRODUCTS US 
HEADQUARTERS: Houston 
PARENT COMPANY: Shell Oil Co. 


BUSINESSES: An oil refiner and mar- 
keter, with four refineries in the west- 
ern U.S.; it sells fuel at 22,000 gas 
stations (along with partner Motiva 
Enterprises LLC). The company also 
makes lubricants such as motor oil. 


HISTORY: The unit was acquired 
from Texaco and recently absorbed 
Pennzoil-Quaker State. 


SOURCES: WWW.HOOVERS.COM 
WWW.SHELLOILPRODUCTSUS COM 


consultant at Arthur D. Littlke GmbH 
in Wiesbaden, Germany. 

At Shell Oil Products, Chapman 
says, the biggest challenge was getting 
different departments to change the 
way they procure temporary and con- 
tingent labor and to be willing to use a 
smaller number of suppliers. 

“We're trying to educate people in- 
ternally that this is business and that 
we're trying to get the right people at 
the right price,” says Chapman. “Peo- 


| ple don’t like that kind of scrutiny and 
| aren’t always accepting of that level of 
| change.” 


So it didn’t hurt that the company’s 


| CEO and chief financial officer spon- 
| sored the project. 


To help other departments and divi- 


| sions accept the new approach to hir- 
ing contract labor, Chapman and his 

| team “did a lot of change management 
| work,” he says. It included holding 

| awareness sessions with suppliers and 
| internal managers and communicating 


the benefits of the new approach. 
“Some areas were more receptive than 
others,” says Chapman. 

Nevertheless, the project is moving 
apace. In December, Shell Oil Prod- 
ucts’ human resources, supply chain 
and special projects groups were 
added to the system. The IT division 
and retail operations units were added 
in February and March, respectively, 
followed by the company’s transporta- 
tion division in April and its refining 
and lubricants businesses in May. 

The overhaul has transformed the 
way Shell does business with labor pro- 
viders. Says Chapman, “We couldn’t 
have done this five years ago.” D 


TAMING TEMP COSTS 


Read about Carlson Companies Inc. and other big 
businesses that are using temp management software: 


QuickLink 35987 
www.computerworld.com 
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Companies Lack 
E-mail Policies 
Employers are doing a poor job of 
managing employee e-mail and 
preparing for potential e-mail- 
related lawsuits and regulatory au- 
dits, according to a recent survey 
of 1,100 companies from the Amer- 
ican Management Association, The 
ePolicy Institute and Clearswift 
Ltd. Here are some key points: 


® 34% of employers have imple- 
mented written e-mail retention 
and deletion policies. 


@ 22% have fired employees for 
violating e-mail policies. 


@ 14% have been ordered by a 
court or regulatory body to produce 
e-mail, up from 9% in 2001. 

@ 48% offer e-policy education, 
and 27% provide e-mail retention 
and deletion training. 


@ 90% have installed software to 
monitor incoming and outgoing 
e-mail, but only 19% use technolo- 
gy to track internal e-mail. 


Former GE Exec 
Joins Solectron 


Marc Onetto, a former General 
Electric Co. executive, last week 
joined Solectron Corp. in Milpitas, 
Calif., as executive vice president 
of worldwide operations. Onetto, 
52, will be responsible for world- 
wide manufacturing, materials 
management, quality, new product 
introduction, IT, logistics and re- 
pair operations. 
From 1992 
through last year, 
he held several 
positions at GE, 
including CIO in 
the GE Medical 


zac be Systems unit. 


E-billing Cuts Costs 


A 82B biller could save $2.7 mil- 
lion per year by delivering all busi- 
ness bills over the Web. Paper bills 
cost an average of $5 each to pro- 
duce and deliver; Web-based bills 
cost $2 each, according to a Gart- 
ner Inc. survey of 100 large com- 
panies that send an average of 
75,000 bills each month. 
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NORBERT J. KUBILUS # PEER TO PEERS 


Sarbanes-Oxley: Where 
IT and Finance Meet 


HERE’S A GIANT SIGH OF RELIEF rising 
in the executive suites and corporate 
boardrooms of large, publicly held compa- 
nies around the country. Why? Because 
the U.S. Securities and Exchange Commis- 
sion has postponed implementing certain key sections 
of the Sarbanes-Oxley Act for nine months. This gives 
the SEC more time to complete the regulations that all 
SEC-regulated companies will have to follow. 


Postponing SarbOx (as 
it’s affectionately called) 
will give CEOs, CFOs and 
external auditors more 
time to institute proce- 
dures for keeping track of 
all financial information, 
from the moment of incep- 
tion to the final submission 
in an annual report to the 
SEC. It also delays the 
SarbOx mandate that every 
public company submit an 
annual report to the SEC 
that assesses the effective- 
ness of its internal controls for finan- 
cial reporting. 

Sounds like a purely financial issue, 
right? Not quite. 

Yes, SarbOx is fundamentally finan- 
cial legislation. Enacted in part as a re- 
action to Enron and other corporate fi- 
nancial scandals, the law’s goal is for 
public companies to produce more 
complete and accurate financial re- 
ports. The emphasis on internal con- 
trols, however, goes far beyond poli- 
cies, procedures and external audits. 

The SEC still must define what “in- 
ternal controls” means in terms of 
compliance regulations, but one thing 
is almost certain: Any public company 
that utilizes IT as part of its financial 
business processes will find that IT 
controls are included in the definition. 
SarbOx compliance could also mean 
an overhaul or upgrade of financial 





transaction and reporting 
systems for most compa- 
nies, regardless of size, in 
order to meet regulatory 
requirements for more ac- 
curate, more detailed and 
speedier filings. 
So far, CIOs have been 
warming the bench, while 
CEOs, CFOs, attorneys and 
auditors attempt to address 
known and anticipated 
SarbOx compliance issues. 
Now is the time for the 
CIO to get into the game 
and step up to take the lead on the IT 
control issue. The CIO should view 
the IT organization and infrastructure 
as if he were the CEO of a “business 
within the business.” Would the CIO 
be comfortable putting his neck on the 
line during a SarbOx compliance au- 
dit? Probably not. 

Although regulations haven’t been 
defined for compliance with SarbOx 
Section 404 — which mandates an au- 
dit of internal controls — there are a 
number of areas where the CIO can 
apply common sense and best prac- 
tices to comply with the act’s goals. 

Examining the control processes 
within the IT organization relating to 
financial systems is the logical place to 
start. For example, segregation of du- 
ties within the systems development 
staff is a widely recognized best prac- 
tice that helps prevent errors and out- 





right fraud. The people who code pro- 
gram changes should be different from 
the people who test them, and a sepa- 
rate team should be responsible for 
production change control. 

Homegrown financial systems are 
fraught with potential data-integrity 
problems, but packaged systems aren’t 
totally immune, either. Although lead- 
ing ERP systems offer audit-trail func- 
tionality, customizations of these sys- 
tems often bypass those controls. The 
CIO has to work with internal and ex- 
ternal auditors to ensure that cus- 
tomizations can pass muster. 

Closely related to development and 
change controls are project manage- 
ment methodologies. The leading 
cause of systems implementation fail- 
ure continues to be poor project man- 
agement. The CIO must ensure that 
the IT department has a process to en- 
sure a successful selection and imple- 
mentation of new or upgraded finan- 
cial systems within defined schedules, 
budgets and acceptable levels of risk. 

Records management is another 
area of concern for the CIO as the 
long-term custodian of corporate data. 
How a company stores and transmits 
electronic documents — and whether 


| or not they’re deleted — can have sig- 


nificant legal and financial conse- 
quences. The CIO should work with 
the CEO, CFO and corporate attorneys 
to create a document-retention-and- 
destruction policy that addresses what 
types of electronic documents should 
be saved — and for how long. 

Ultimately, SarbOx compliance will 
require a close working relationship 
involving the CEO, CFO and CIO. Get- 
ting into the game starts with running 
IT as a business and strengthening IT 
internal controls. B 


MORE COVERAGE 


See all of Computerworld'’s coverage of the 
Sarbanes-Oxley Act at our Web site: 


QuickLink a3250 
www.computerworld.com 
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Data Warehouse 
Architect Specialist 


A global, Boston-area company 
engaged in the design, manufac 
ture and sale of consumer prod 
ucts, has an immediate need for a 
highly skilled Data Warehouse 
Architect Specialist in their Data 
Architecture and Capacity Plan: 
ning group. This senior, mentor 
level position is responsible for 
analyzing financial, manuf 
g and retail sales data a 
isiness decision support 
nts into implementabie 
and multi-dimensional 
tata and database models, and 
maintaining them within an Ora 
data warehousing environ 
m education is 
Computer 
evant field. Minimur 
required is five 
degree business s 
gence experier 
elational data r 
1 database design, tc 
data warehousin 
uring and retail opera 
Specific requirements in 
demonstrated ability to 
complex business require 
both relational 
star-schema / snowflake concer 
tual and logical data models 
to Oracle 8i-compliant 
| models. Also required is 
strated ability to utilize 
ng tool, and the 
Ss reporting t 
required is the dem 
d ability to develop, eval 
and maintain data 


is and metada 


strated ability to code 

Oracle 8i envi 

UNIX platform 

s $99,200 per year 

de ten (10) days 

vace DI meaicai Jental 
Jisability, | surance, and oth 

ndustry-competitive benefits 

Qualifiec plicants respond witt 


f resume only to 
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SOFTWARE PROGRAMMER 


Participate in software dvipmnt 
process, including generation of 
software specs & reqrmnts 
of detailed software dsgr 
cumentation, modular decorr 
position of abstract tional 
reqrmnts into software module 
specs & templates, software 
ode walk-throughs & reviews 
& black box/white box testing 
Will utilize C & C++ program 
ming langs. in Embedded soft 
ware for communication/network 
software dvipmnt, COM compx 
vent dvipmnt, Basic language as 
used in Vis. Basic environment 
& Java language. Will work in 
dows NT operating sys 
ncluding Windows, COM, & 
ActiveX c 
gies, MS Office, Networking 
Communication & related tools 
Utilize software config. & contro! 
BS in Comp. Sci. or 
1g + 4 yrs exp. in position 
or as a Software Engnr 
Engnr. Must have: (i) 
C & C++ programming 


yponent technolo: 


COM component 
Basic & Java lan 
guages, Windows NT operating 
sys., ActiveX, MS Office & relat- 
ed tools & software config. & 
control tool; & (ii) worked on 
Network/Communication soft 
ware dvipmnt, incl. working 
knowledge of SNMP V2 MIBs 
40 hrs/wk, OT as reqd. 8 am - 5 
pm, $64,240/yr. Applicants 
submit resumes to. Site 
Manager, PA CareerLink 
Westmoreland County, 300 East 
Hillis Street, Youngwood, PA 
15697-1808. Please refer to 
Job Order Number WEB 


337601 


IT\careers 


Software Engineer: Participate in 
the development design specifica- 
tions and implementation of com- 
mercial applications. Ensure design 
integrity, timely delivery and high 
code quality of implemented work 
Will participate in the design, devel- 
opment and support of proprietary 
software solutions in Web-based 
and Client/Server architecture. De 
velop software using Object Ori- 
ented Design technologies to cre 
ate flexible large scale databases 
and information management sys 
tems. Requires: M.S. in Computer 
Science or an Engineering or quan 
tive field with no experience or 
smputer Science or Engin- 

eering or quantitative field and 5 


oftware devel. 


years experience 
opmer Demonstrated ability in 


XML, Visual C ++, and 


Case 
abor Ex 
19 Staniford Street 


MA 02114 


Senior Developer: Design and de. 
velop customized user tools for 
various it applications using e 
commerce technologies and sys 
tems integration with object orient 
ed analysis and design. Develop 
E-commerce projects using J2EE 
architecture, develop components 
using EJB, Serviets, JSP, JMS 
2 typtography 

ans, Java Applications. Work 
»mponents to access different 
databases LDAP, Oracle 

ork with Rational 

1 object model for 

2cts. Work n data-Warehous- 
using Oracle, Hyper. 

ognos, MicroStrategy. Worl 

Is for Y2K conversions us 

ing REXX, ISPF, COBOL. Imple- 
ment projects Y2K projects Using 
CICS, COBOL, PL/1, DB2, IMS 
DB/DC, JCL, PACBASE, MANTIS 
and MVS. Requires: Bachelors in 


al Engineering or its equiv- 


Applets 


lence and Ss experience in 
logies. 40hrs. 

5:00 PM) 

Send two resumes: 

t Case Number 
Labor Exchange 
19 Staniford Street, 1st 


Boston, MA 02114 


Architect, Hardware Deve!lop- 
ment Group. Responsible for 1) 
Algorithm Development and 
Simulation aimed at proving out 
algorithms for incorporation into 
future jraphics cores 
2)Algorithm Migration aimed at 
implementation specification for 
graphics chip,(3) supporting chip 
development team for such 
implementation, and(4) Industry 
ar Academia interaction 
including giving presentations 
and writing technical papers 
Requires Ph.D. in Computer 
Science plus 4 years exp. in job 
offered or 4 years directly relat 
ed professional experience 
Rate of pay: $100,000.00/year. 
Hours: 40/week - 9 am to 5pm 
Reply by resume only (2 copies) 
to Case # 200201558, Labor 
Exchange Office, 19 Staniford 
Street Floor, Boston, MA 
02114 


or Design Verification Test En 
Develop and rate all 
f hardware diagnostics 
Jevelop read/write and device 
iriver capability for new hardware 
product components using in rea 
time operating OS in addition to 
data communication 
technologies such as SONET 
SDH, 1 0 Ethernet, ATM and 
legacy transport protocols such as 
DS1 and DS3. Requires: Bachelor 
of Science in Electronics and En- 
gineering and 2 years experience 
in Information Technology. Must 
have hands on knowledge of C 
C++, Assembly, and OOD comput- 
er languages. 40hrs/wk (8:00 AM 
to 5:00 PM); $77,000.00/yr. Send 
two resumes/responses to: Case 
Number 200202532, Labor Ex 
change Office, 19 Staniford Street 
1st Floor, Boston, MA 02114 


Software Engineer 
(Bioinformatics) 


Genaissance Pharmaceuticals, Inc 
has an immediate opening in its 
New Haven, Connecticut facility for 
a Software Engineer (Bioinformat 
ics). Will develop and execute soft 
ware system test plans and perform 
various database, data mining, inte 
gration research, and design and 
testing assignments in the develor 
ment of computer systems and ap: 
plications in the field of Bioinformat 
ics. Must poss a Ph.D. in Life 
es, Mathematics, Physics, or 
uter S 
work experience, including exper 
ence with mathematical 


and concepts, such as probability 


ience; and relevant 
modeling 


and statis inferences and algo- 
ithmic ¢ socket programming 
fi SD Kernel and Java, Ora 


computing-based environment 
va and SQL programming 


wages, and UNIX operating s 


me and/or cover 
h requir 
reference code SZ/SEB or it 
2cted. Forward resume t 
Webb, Human Resource 
iate aissance Pha 
suticals lev 
lew Have V 
2qual opportunity employe: 


SOFTWARE ENGINEERS (Mult 
iple Openings): Candidate must 
have 1-4 yrs. of exp. in Software 
Development/Programming 
BS/MS Comp.Sci/Engg/Bus. or 
related field. Exp. in all phases of 
software development life cycle 
Knowledge of EJB, Vea Web 
Logic, Sebsphere, RM DB2 
PowerBuilder, Rational Rose 
C++, Java, J2EE, J-Builder, Visual 
Basic, JOBC, XML, HTML, LDAP, 
PHP, Oracle, Sybase, ASP, COM, 
DCOM, SAP, SQL, Apache Web 
Server, CICS, JCL, ABAP, Siebel 
and Object Oriented Program 
ming Languages. Exp. in GUI 
development on Windows plat 
forms. Familiarity with both UNIX 
& Windows environment. Know 
ledge of TCP/IP, SSH & Web 
Services. Exp. with Windows da 
tabase technologies & database 
design. Strong teamwork & com 
munications skills. May require 
traveling to client sites in the U.S 
vfts. Mail resume 
nologies, Inc., 605, 17th 
Suite #1, East Moline, IL 
61244 


BellSouth, a leader in providing 
local and cellular telephone, pag 
ing and mobile data services has 
multiple openings for the follow 
ing positions in its Atlanta 
Georgia office 


Senior Software Developer 
Software Enginee 

Portal Content Analyst Latin 
Market - Spanish fluency required 
Channel Analyst 


All positions require a relevant 
bachelor's or master's degree or 
foreign degree equivalent and rel 
evant experience including expe 


rience with Homebase software 


For consideration, please forward 
your resume to: Ms. Lisa 
Burlingame, Bi uth, 2247 
Northlake Parkway, Suite 800 
Tucker, Georgia 30084. Please 
do not email or fax resumes 


EOE 


Software Engineers & 
Programmers: Analyze, design 
Jevelop, test and maintain a 
highly sophisticated/interactive 
Web Portal, e-commerce and 
content management system 
encompassing over 500 cate 
gories and 22,000 products/ser 
vices and software solutions 
employing state of the art engine 
search technology including 
DB2 7.0, WebSphere 3.5, IBM 
Server, Tomcat, Oracle/Oracle 
9IAS, WebLogic, Microsoft Visio 
UML, P3P, IBM policy Editor 
SilverPop & Accucast email 
servers, SalesLogix, Proficient 
Web Trends & KeyLine tracking 
Starteam, Unix Shell Scripting 
Ultra edit, Top Style Pro, XML 
J2EE and related technologies 
For Info or to apply, contact 
Human Resources, Knowledge- 
Storm, Inc., 2520 Northwinds 
Parkway, Suite 300, Alpharetta 
GA 30004. EOE. No phone calis 
please 


Aluminum Blanking has open- 
ings for system or programmer 
analyst responsible for Oracle 
database administration & 
Intranet management. Candid- 
ates must have BS with exp. in 
Oracle DBA. We offer competi 
tive wage with full benefits. 
Please contact 
landerson@albi.com. EOE 


iT professionals (program- 
mers/system analysts, software 
engineers) wanted by Advanced 
Technology Group USA 
Minimum requirement is BS 
Skills in Java, Oracle, SQL 
HTML, WebLogic, JSP, VB, EJB 
are strong plus. Please send 
resume to info@atgusainc.com. 
EOE 


Systems & Software Test 
Engineer - ReqS BS-CS/CE with 
lyr exp. Knowledge of iDen 
Technology & phone configura- 
tions; IPTF, ISDS, Xflash, Wedb- 
JAL, RSS, DDTS, & Clear Case 
req'd. Mail resumes to Signature 
Consultants, 2200 W. Commer- 
cial Blvd, #207, Ft. Lauderdale. 
FL 33309 


Software Developer - Reqs BS 
or equiv. CS/CE with tyr exp. 
Knowledge of iDen Technology, 
UIS frame work of iDen phones 
and phone configurations, SDS 
IPTf, Xflash, WedbJAL, RSS 
DDTS, Clear C req'd. Mail 
resumes to Signature Consult- 
ants, 2200 W. Commercial Bivd 
#207, Ft. Lauderdale, FL 33309. 


BellSouth, a leader in provid- 
ing local and cellular tele- 
phone, paging and mobile data 
services has multiple openings 
for the position of Systems 
Administrator in its Atlanta, 
Georgia office: Position re- 
quires relevant bachelor's de- 
gree or foreign degree equiva- 
lent and relevant experience 
For consideration, please for- 
ward your resume to: Ms. Lisa 
Burlingame, BellSouth, 2247 
Northlake Parkway, Suite 800 
Tucker. Georgia 30084 
Please do not email or fax 


resumes. EOE 


Computer Programmers: 
Must have 4 years of 
experience plus a BS in 
Comp/Elect Eng or relat- 
ed field. Mediaspace 
Solutions, 101 Merritt 7, 
3rd Floor, Norwalk, CT 
06851 Please send 
resumes to jobs@ 
mss-mail.com in MS 
Word or Adobe Acrobat 
format 


K Kama Consulting Inc. 


TOP $$’s, W2 or 1099 


We are a fast growing 
Consulting company based 
in New Jersey 
Excellent opportunities for 
Programmers 
Systems Analysts, DBAs 


Sun Solaris System Admins, 
Natural, Webshere, 
ADABAS, ORACLE, SYBASE, 
PROGRESS, COBOL, C++ 
TCP/IP, Delphi/VB, Windows NT 


Send your resume to 
Rod McFadden 
Kama Consulting 
Fax: 704-896-9660 
Email: rod@kamaco.com 
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Application Development Con- 
sultant needed at client sites to 
build telecom enterprise busi- 
ness app! systems for business 
n/work inventory mgmt & svc 
delivery: For web based GUI 
dvipmt using tools such as Java 
JSP, Serviet, XML, XSL, Java 
Script, Perl/CGI on servers such 
as Oracle9iAS, Apache, JURN 
Web Logic, Tomcat; & for back- 
end & interface using tools such 
as C++, Java, CORBA, EJB 
JDBC, XSQL: + tools on Unix 
PC & Oracle DB. Send resume: 
to: Hireme, Global Consultants. 
25 Airport Rd. Morrisown, NJ 
07960. 


Prog/Analysts(Job 90) to ana- 
lyze, design/develop and en- 
hance online & batch programs 
using Java, JSP, Jscript 
Serviets, HTML, COBOL, CICS. 
DB2 etc. under Windows and 
IBM ES 9000 envir; perform 
unit/system level testing, req: 
uirement analysis; implement 
new/modified programs; debug. 
maintain,document process 
Require: B.S. or foreign equiv. 
in CS/Engg(any branch) & 2 yrs 
of exp. in IT. Send Resume to 
Priscilla Vickers/HR 
Transplace, 509 Enterprise 
Drive, Lowell, AR 72745. Must 
specify on cover letter applying 
to Job 90. 
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Network Systems and Data 
Communications Analyst 
Analyze user & software reqs & 
plan computer systems of net- 
works; analyze, evaluate, test & 
troubleshoot computer systems, 
computer networks, PBX net- 
work, telecomm systems & A/V 
systems; design info and comm 
system; augment existing net- 
work of computers, printers 
scanners, projectors, etc; man- 
age user accts in network. Req 
Bachelor's degree in Electronics 
Eng’g. or related, or equiv and 1 
yr exp in job offered or as 
Network Eng'r. $14.67/hr, 40 
hpw, M-F, 8a-5p. Send resume 
to Larry Farish, Manager 
Premier Hospitality LLC, 400 
Greymont Ave., Jackson MS 
39202 


Prog Analysts to analyze 
design s/w appls using SAP 
R/3, ABAP/4 Workflow 
Technology, C, C++, VB 
Oracle, MS SQL Server on 
UNIX and Windows os; gather 
and document reqs from user! 
community; test/troubleshoot 
project appl code according to 
system objectives. Require a 
B.S. or foreign equivalent in 
CS/Engg (any branch) or relat- 
ed field with 2 yrs exp in IT. 
Highsalary. F/T position. Travel 
Required. Resume to HR, 
Smartsoft International, Inc. 
4898, South Old Peachtree Rd, 
Norcross, GA 30071 


Looking For 
A 
New Career? 


The new 


itcareers.com 


CareersJournal.com 
combined 
jobs database 
can help you 
find one. 
Check us out! 


www.itcareers.com 
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Oracle Apps DBA: Design, devel- 
‘op, implement & test the business 
applications in areas of database 
optimization, logical & physical 
database design, data extraction 
conversion, migration, proce- 
dures, data modeling using ora- 
cle 9i, 8i, 8.0, PL/SQL, Oracle 
Designer, Developer 2000 & 
relational database tools on a 
UNIX system. Exp with systems 
;support on Solaris & Websphere 
App. Server, performance tuning 
Erwin, E/R studio designer, pow- 
er designer, Informatica & Oracle 
enterprise manager. Req MS in 
Comp. Sci. Engg/Rei field with 2 
yrs exp or BS with 5 yrs exp 
Wages: $75,000/yr, 40 hrs/wk 
8am-Spm. Send 2 resumes to 
Case #200202165, Labor Ex- 
change Office, 19 Staniford St 
1st Fl., Boston, MA 02114. 


VegaStream, Inc., located in 
Boca Raton is seeking F/T expd 
Manager of Product Support to 
research, design, and developing 
of computer software systems, in 
conjunction with hardware prod- 
uct development. Analyze soft- 
ware requirements to determine 
feasibility of design within time 
and cost constraints. Consult with 
hardware engineers and other 
engineering staff to evaluate 
interface between hardware and 
software, and operational and 
performance requirements of 
overall system. Formulate and 
design software system, using 
scientific analysis and mathemat- 
ical models to predict and mea- 
sure outcome and consequences 
of design. Bachelor's degree in 
Computer Science, competitive 
salary. Fax resume to H.R 
(561) 995-6027 


Sys/Analysts to analyze, 
design, customize and imple- 
ment businessapplis using 
Oracle Financial Applications 
PL/SQL, SQL Plus, SQL Loader 
and Oracle; perform data con- 
versions, customize Forms/ 
Reports using Oracle Applica- 
tions standards; document, 
maintain & update development 
process;perform tuning, modifi- 
cation, troubleshooting and 
debugging of system soft- 
ware.Require: BS or foreign 
equiv with concentration § in 
CS/Engg(any branch)/Business 
admin. & 2 yrs exp in IT. In lieu 
of BS, 3 yrs of academic stud- 
ies towards a Bachelors plus 
lyrs of exp in Oracle 
‘Applications will be accepted 
Travel required. High salary. 
F/T. Resume to: HR, Fourth 
Technologies, Inc., 585 Toligate 
Road Suite |, Elgin, IL 60123. 


Prog Analysts to analyze, 
design, code and maintain 
web/client server applications 
using Java, C, C++, CORBA 
J2EE, HTML, Serviets, XML, 
Weblogic Server, IIS, Oracle, 
MS Access etc under Windows, 
Sun Solaris OS; perform 
automation of functional/regres- 
sion testing with WinRunner, 
eTester and Astra Quick Test; 
provide on site maintenance 
support such as debugging, 
modifications, fine tuning & 
code optimization. Require 
BS or foreign equivaient in CS/ 
Engg(any branch) with 2 yrs 
exp in IT. High salary, F/T, 
Travel involved. Resume to 
HR, Semafor Technologies, Inc, 
3300 Holcomb Bridge Road, 
Suite 212, Norcross, GA 
30092. 


SENIOR (UNIX) 
SYSTEMS ENGINEER 


A globai consumer packaged 
goods company based in the 
Greater Boston area, engaged in 
the manufacture, distribution and 
marketing of a range of personal 
care products, has an immediate 
need for a highly skilled Senior 
(UNIX) Systems Engineer. This 
senior-level position involves the 
analysis and proposal of system 
hardware, software, and system 
solutions for centralized HP-UX. 
AIX and NT enterprise-class com- 
puting platforms, running SAP 
applications in an Oracle environ- 
ment. Minimum educational re- 
quirements include an Associates 
degree (or equivalent) in Comput- 
er Science, Math, MIS, Electrical 
Electronic Engineering, or similar- 
ly relevant field. Minimum experi- 
ence required is at least seven (7) 
years specifying HP-UX hard- 
ware / software system solutions 
at least two (2) years of which 
specifically was for SAP R/3 in an 
Oracle 7.x and 8.x environment. 
Specific requirements include the 
demonstrated ability to impiement 
complex external disk subsystem 
integration of EMC and HDS stor- 
age systems with HP-UX and AIX 
operating systems. Also required 
is the demonstrated ability to 
specify, install and configure HP 
9000 series N4000 and newer 
Enterprise Servers. Additionally 
required is the demonstrated abil- 
ity to install, configure and test 
HP MC/ServiceGuard clustering 
and EMC SRDF software. Fur- 
ther required is the demonstrated 
ability to write PERL scripts and 
convert Shell scripts to PERL. Fi- 
nally required is the demonstrat- 
ed ability to implement enterprise 
backup solutions using HP Omni- 
Back integration with SAP br- 
tools. Base salary is $93,000 per 
year. Benefits include ten days 
paid vacation, contributory med- 
ical, dental, disability, life insur- 
ance, and other industry-compet- 
itive benefits Qualified appli- 
cants respond with two (2) copies 
‘of resume only to: Case # 2002- 
02333, Labor Exchange Office, 
19 Staniford Street, 1st Floor, 
Boston, MA 02114. An EOE/ 
MFHV. 


Principal Software Engineer 
responsible for project manage- 
ment of new systems architec- 
ture projects. Will oversee & par- 
ticipate in design, development 
testing & implementation of new 
software; perform client/serv- 
er application design & 
development; review technical 
requirement specifications for 
software code development; 
and solve technical problems 
related to the software develop- 
ment as needed Will apply 
knowledge of C/C++, HTML 
Visual Basic, UNIX & various 
database applications 
Requires Bachelor's or equiv in 
CSc., Engineering, Math or 
Physics, plus 5 yrs experience in 
Job Offered OR 5 years’ devel- 
oping client/server applications. 
Alternatively, will accept 
Master's or equiv in C.Sc., Eng 
Math or Physics, plus 3 yrs in 
Job Offered OR 3 yrs develop- 
ing client/server applications. 
Candidate must also possess 
demonstrated expertise’ in 
design & development of COM 
COM+, business objects & web- 
based user interfaces; dem 
expertise in design & develop- 
ment of multi-threaded user 
interface interactive systems 
and dem expertise in design & 
development of remote access 
interactive tool w/in a multi-hard- 
ware/software/network __ infra- 
structure. Sai: $90,500/yr M-F, 
9AM-5PM. Send 2 resumes to 
Case # 2002-01701, Labor 
Exchange Office, 19 Staniford 
St. 1" fl, Boston, MA 02114 
EOE. Applicants must be US 
workers eligible to accept full- 
time employment in U.S 


HaLGeRMslon eS 


Manager, Software Develop- 
ment. Manage the development 
of software to combine physio- 
logical and operational require- 
ments in real worid operations. 
Design customized scheduling 
software for North American rail- 
road operations. Supervise 
members of the software devel- 
opment team and contract 
employees. Draft marketing 
products for company's software 
products. Manage creation of 
user manuals and training mate- 
rial for software products 
Provide training to clients on 
software products Oversee 
Strategy for system develop- 
ment. Sales presentations for 
software products to industry 
clients. Supervise and manage 
software engineers and other 
professionals engaged in the fol- 
lowing job duties: Digital Signal 
Processing of physiological data 
(e.g.: EEG, EOG, ECG, video 
data); Feature extraction (under- 
standing of the physiological 
underlying processes and the 
mathematical implications) 
Design and training of Artificial 
Neural Networks; Application of 
Pattern Recognition algorithms 
for classification of physiological 
data; Application of pattern 
recognition methods for predict 
ing microsieeps; Development 
of software for modeling physio- 
logical processes (alertness 
model); integration and modify- 
fing hardware for detecting driver 
fatigue; Testing hardware for 
detecting driver fatigue 
Designing and programming of 
software to analyze data from 
tested driver fatigue detection 
hardware; Realization of pro- 
gramming tasks in MATLAB, C 
Delphi, Assembler and Visual 
Basic. Requirements. Master's 
degree or equivalent in 
Computer Science, Engineering 
or related field plus 2 years 
experience in job offered or 2 
years experience as a Software 
Engineer in the field of Artificial 
Neural Network. Must have at 
least 2 years concurrent experi- 
ence with the design, training 
and application of Artificial 
Neural Networks in industrial 
context, as well as MATLAB, C 
Visual Basic, Assembler and 
Delphi. Salary: $99,500/yr. for 5 
day, 40 hour work week, 9:00 
a.m.-5:00 p.m. Submit two (2) 
copies of resume to Case 
#200201962, Labor Exchange 
Office, 19 Staniford St.. 1st 
Floor, Boston, MA 02114. 


Senior Software Engineer: 
Specify, design, develop and 
support various aspects of the 
products. Work within teams to 
define the next generation archi- 
tecture of the company’s prod- 
ucts that include agents, net- 
working, management tools and 
policy server. Work closely with 
members of the Product 
Management, Quality Assur- 
ance, Release Engineering 
Documentation and Customer 
Support teams to ensure proper 
product development and sup- 
port. Follow rigorous software 
engineering standards including 
development of product require- 
ments, functional and design 
specifications and adhere to 
coding standards. Work with 
partners and industry groups to 
create and promote standards in 
security and e-commerce 
Requirements include a 
Bachelor's degree or equivalent 
in Computer Science or related 
field and five years of experi- 
ence in job offered or related 
field of software engineering 
Applicants must have unrestrict- 
ed authorization to work in the 
United States. Salary $87,000/ 
year 40 hours/wk. Respond 
with two copies of resume to 
Case #200202112 Labor 
Exchange Office, 19 Staniford 
St., 1st Fl., Boston, MA 02114. 
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HCL TECHNOLOGIES AMERICA, INC. 


HCL Technologies America, Inc. and its affiliate companies, like 
HCL Technologies (lilinois) Inc., and HCL Technologies (Mass.) 
Inc., have multiple openings at its offices in Sunnyvale, CA 
Stamford CT; Plano TX; Florham NJ, Irvine CA, Vienna, VA 


Boston, MA, Chicago, IL, Detroit 


MI as well as project sites 


throughout the United States for the following positions 


Software Engineers 
Programmer Analysts 
Systems Analysts 
Database Administrators 
Hardware Engineers 
Budget Analysts 


Systems/Network Administrators 


Project Managers 


Account Managers/Sales Managers/Business Managers 


Sales Engineers 
industrial Engineers 


Market Research Analysts 


Management Analysts 


Human Resource Representative 


Accountants 


Salary will be commensurate with education and experience 
All positions may involve travel or relocating to various client 


sites through out the US 


For consideration please send your resume t 


HCL America Technologies, Inc 


Attn.: HR Dept. (Computerworld Ad.) 


330 Potrero Avenue 
Sunnyvale, CA 94085 


Email: cwjobs@hcitech.com 


Please indicate the location and the position you are 


applying for 


www.hcitechnologies.com 


SAP information Technology 
Consultant - Initiate, plan & eval- 
uate ways to improve global 
supply chain, scheduling & de- 
mand planning operations using 
SAP platform (R/3, APO, ABAP. 
BAPI). Perform cost-benefit an- 
alysis for different deployment 
strategies. Design integration 
mode! w/focus on Scheduie-X 
interface w/ SAP R/3 Enterprise 
Resource Planning & APO. De- 
velop Business Scenario flow 
documents & implementation 
analysis report. Validate global 
Demand Planning design in line 
w/JUS requirements. Design & 
configure Suppiy Network Plan- 
ning. Must be willing to travel to 
project sites throughout US & 
abroad approx. 25-30% of time. 
Must have Bachelor's degree or 
foreign equiv. in Comp Sci 
Engineering, Business or related 
field + 3 yrs exp in job offered or 
cross-modular SAP Program- 
mer/Analyst. 8:30am-5pm, M-F. 
OT as needed. $102,549/yr 
Reply to Job Order #WEB 
337067 Manager, Beaver 
County Team PA CareerLink 
2103 Ninth Ave., Beaver Falls. 
PA 15010-3957 


Quality Assurance Engineer need- 
ed to initiate, develop, implement 
structured SQA testing environ- 
ments, processes, manuals, and 
automated projects, using ad- 
vanced knowledge of computer 
science and engineering. Must 
have Master's Degree in Engin- 
eering or Computer Science plus 
work experience with the following 
computer languages:C, C++ 
Java, SQL, PL/SQL and testing 
tools WinRunner, LoadRunner. 
Silk, and Rational Robot. Send 
fesume to: Links Technology 
Solutions, Inc., 444 East State 
Parkway, # 219, Schaumburg, IL 
60173. 


Senior Oracle Database 
Developers / Administrators 
(Pharmaceutical) 


A global biotechnology company 
localiy based in the Greater Boston 
area, is engaged in the research. 
development cture 
marketing of pre 
has an immed 
experienced, highly-skilled Senior 
Oracle Database Developers / Ad- 
ministrators (Pharmaceutical). The 
responsibilities of these senior level 
positions involve the design, setup 
and maintenance of nical trial 
databases in Oracie, in accordance 
with FDA regulatory standards. Pa- 
rallei responsibilities include com- 
puter systerr validation and data- 
base administration tasks. Mini- 
education required is a Bach- 
elor's-ievel degree in MIS, CS 
Math, Business, or a field of engi- 
neering. Minimum experience re- 
quired is at least five (5) years in- 
volving Oracle database program- 
ming and administration, at leas 
two years of which specifically 
were in the pharmaceutical / bio- 
technology industry using PL/SQL 
Oracle Forms and Reports. Speci- 
fically required is the dernonstrated 
ability to design, set-up, implement 
and maintain clinical trial databases 
within the federally-mandated 
guidelines set forth in FDA's “Good 
Clinical Practices” ("“GCP"s), and 
FDA's 21CFR11 re electronic sig- 
natures. Also required is the dem- 
onstrated ability to annotate a Case 
Report Form and program edit 
checks as indicated in a data vali- 
dation pian. Additionally required is 
the demonstrated ability to perform 
validation of commercial off-the- 
shelf software and internally devel- 
oped applications and tools, adher- 
ng to FDA regulatory standards on 
computerized systems. Finally re- 
quired is the demonstrated ability 
administering databases creating 
users and roles, and performance 
tuning. Base salary is $ 80,000 
Benefits include fifteen (15) days 
paid vacation, medical, dental, dis- 
ability, life insurances, and other 
industry-competitive benefits. Qua- 
ified applicants respond with two 
(2) copies of resume only to: Case 
# 200201818, Labor Exchange 
Office. 19 Staniford Street, 1st 
Floor, Boston, MA 02114. An 
EOE/MFHV 





ADVENT GLOBAL 
SOLUTIONS, INC. 


Advent Global Solutions one of the 

test growing IT service compa- 

has the foliowing positions 
open in two locations 


SOFTWARE ENGINEERS: to re- 
search, design, develop computer 
software systems and lead new 
product development projects to 
timely completion. Ability to evalu- 
ate and design SAP software is 
required. Needs a Masters in CS, 
MIS or any related degree com- 
bined with 1 + years experience or 
Bachelors with 5 years experience 
in designing and developing com- 
puter software systems. 


SYSTEMS ANALYSTS: to analyze. 
design and develop operational 
procedures to automate processing 
and to develop new systems to 
improve production. Knowledge of 
;SAP, Oracle, and other business 
related software is essential 
Needs Bachelors in Engineering) 
CS or in any related field combined 
with 5 years relevant experience in 
designing and developing comput- 
er software systems 


Please send resumes to the 
respective addresses. 

3419 N. Kennicott Avenue, Suite C 
Arlington Heights, IL 60004 

12777 Jones Road, Suite # 445, 
Houston, Texas 77070 


MIS Administrator - Install, moni- 
tor & maintain network system soft- 
ware incl. operating system, data 
base & data comm. control & other 
utility prog; prov. tech. assist to 
users in operation & maint. of PCs 
prov. analysis & recommendations 
for network/systems/infrastructure 
improv.; formulate & track budget 
expenses to ensure complience 
w/depart. constraints; coord. Syst 
Integration, repair & installations 
wiinternal resources & outside ven- 
dors; performs Network LAN mngt. 
troubleshoot, & setup network 
equip. (hubs, routers, brides & 
switches); write prog. docs. & users 
procedures & instructions; docs. & 
manag N/WAN architecture & 
network policies & comm. network: 
mngt TCP/IP. Internet access; prov 
expertise in develop. security & fire- 
wall protection for the comp. net- 
work; configure, install, debug 
troubleshoot & maintain perfor- 
mance of eng. computer syst incl 
both hardware/software applica- 
tions; maintain hardware/software 

ent.; maintain, manage & ex- 
pand company's phone syst. inc! 
Pbx, switch mangt console & voice- 
mail; works w/& install Autocad 
softw. BS in Electrical, Electronic or 
Systems Eng. & 1 yr exp in job 
offered. 40 hrs per wk M-F 9AM- 
6PM. Fax resume to RJ Behar & 
Company Attn: Rober Behar 
(954) 680-7781 


COMPUTER PROFESSIONALS 


Opportunities for 


* WEB ARCHITECTS 
DEVELOPERS 
SYSTEMS ANALYSTS 

* WEB GRAPHIC DESIGNERS 
NETWORK ENGINEERS 
PROGRAMMER/ANALYSTS 

* SOFTWARE ENGINEERS 


SKILLS: 


* COLD FUSION * SPECTRA 
* ORACLE + VISUAL BASIC 

* VISUAL C++ * SIEBEL » ASP 
* COM, DCOM « JSP * HTML 

+ JAVA, JAVA BEAN + EJB JAVA 
SERVLETS » WEBSPHERE 

+ 1BM MQ SERIES + XML,UR 

* MTS * CLARIFY * PERL 

+ OBJECTPERL * SPYPERL 

* SMALLTALK + PL/SQL 

* VISUAL AGE + COBOL, SPL 
UNIX 


Visit our website @ 
www.computerhorizons.com 


Attractive salaries and benefits 
Please forward your resume to: 
H.R. Mgr., Computer Horizons 
Corp., 49 Old Bloomfield 
Avenue, Mountain Lakes, New 
Jersey 07046-1495. Call 
973-299-4000. E-mail: jobs@ 
computerhorizons.com. An 


Equal Opportunity Employer M/F. 
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Silicon Laboratories Inc. is hir- 
ing for the following positions: 


Systems Design Engr (Senior 
Level): Research, design & 
develop system ‘evel algorithms 
for data conversion & communi- 
cation eqpt mixed signal IC 
applications; apply computer & 
electrical eng'g analysis to set 
operational specs & then formu- 
late & analyze algorithms req'ts. 
Min req't: Ph.D. degree in Elec- 
trical & Computer Eng’g. Job 
site: Austin, TX or Broomfield 
co 


Product Marketing Engr: Re- 
sponsible for product strategy. 
definition, pricing & promotion 
on a family of mixed signal ICs 
for wireless products; provide 
customer support & interact with 
other companies’ design, manu- 
facturing and finance groups 
Min req't: BSEE or BSCE plus 2 
yrs. exp. 


Jobsite: Austin, TX. Piease send 
ad & resume to HR Dept, Silicon 
Laboratories Inc., 4635 Boston 
Lane, Austin, TX 78735 


Programmer Analyst (multiple 
openings) - Design, develop, test 
and implement computer applica- 
tions using one (1) or more of the 
following: RPG/400, AS/400, ILE: 
RPG, CL/400, SQL/400, Visual 
Basic and/or C++. Req's. Bach's in 
CS, Systems Analysis, CIS, MIS. 
Computer Engg.. Computer Sci 
and Engg., Electrical Engg., Elec- 
tronic Engg. or Math or its equiv. in 
edu. and exp. plus 2 yrs exp. in job 
offered or 2 yrs exp. in a related 
occup. as a Programmer, Pro- 
grammer Analyst, Systems Ana- 
lyst, Senior Systems Analyst, Soft- 
ware Engineer or Consultant. Will 
accept 3 yrs of college edu. plus 3 
yrs exp. in job offered or in a relat 
ed occup. in lieu of the req'd edu 
and exp. Will also accept any 
equally suitable combination of 
edu., training and/or exp. which 
would qualify an applicant to per- 
form the duties of job offered 
$83,387.20/yr., 40 hrs/wk., 8a-5p. 
M-F. Submit resume to MDCD) 
ESA, P.O. Box 11170, Detroit, MI 
48211-1170. Ref. No. 210492 
Employer Paid Ad 


VICE PRESIDENT OF IT 
OPERATIONS - Los Angeles. 
Direct management & strategic 
development of !T operations of 
worldwide publisher of interac- 
tive entertainment & productivity 
software. Bachelor's in comput- 
er sci., Computer studies infor- 
mation systems or engineering + 
6 yrs experience in job offered or 
6 yrs experience managing IT 
operations, including managerial 
responsibility for design & 
administration of enterprise- 
wide info systems. Must have 
knowledge of etwork infrastruc- 
ture, directory services & digital 
asset mgt systems. Must be flu- 
ent in spoken & written French 
including IT terminology. Send 
resume & letter to HR VPIT, 
Vivendi Universal Games, Inc. 
6080 Center Dr., Los Angeies. 
CA 90045 


Senior Analyst (Oracle Applications 
and Databases) needed in the 
analysis, architecture administra- 
tion, maintenance, design, and 
implementation of Oracie Applica- 
tions and Databases, using ad. 
vanced knowledge of computer sci- 
ence and engineering as well as 
particular computer utilities. Bach- 
elor's Degree in Computer Science 
or Computer Science Engineering 
required plus prior work experience 
with Oracle Applications and Data- 
bases. Positions in California and 
lilinois available. Send resume to 
Mr. Brian Burke, Links Technology 
Solutions, Inc., 444 East State 
Parkway, Suite 219, Schaumburg 
IL 60173. 


Software Engineer 


(Requires Masters degree and 
two years experience.) Job 
entails and requires experience 
in design, development and 
implementation of enterprise 
level applications using C 
VC++, .NET and Oracie; design 
and development ex-perience 
must include Unix, NT and IRIX 
platforms. Attractive compensa- 
tion package. Send resumes to 
Calvin Whittington, The Library 
Corporation, Research Park 
Inwood, WV 25428 


Systems Admin's. to install 
maintain support/administer 
operating systems like Unix, 
Linux, AIX Solaris, Web 
Servers like Apache, IIS and 
application servers like 
Weblogic, Websphere; respon- 
sible for system security, UNIX 
Kernel and Oracle database 
tuning&network performance 
tuning configure storage 
devices using Veritas Volume 
Manager. Require: BS or foreign 
equiv. in CS/Engg. (any branch) 
& 2 yrs of exp. in IT. Travel 
required. High Salary. F/T. 
Resume to: HR, Fourth 
Technologies, Inc., 585 Toligate 
Road Suite |, Elgin, iL 60123 


Seeking qualified applicants for the 
following positions in Memphis: 
Collierville, TN: Senior Program- 
mer Analyst. Formulate/define fun- 
Ctional requirements and documen- 
tation based on accepted user cri- 
teria. Requirements: Bachelor's| 
degree* in computer science, MIS. 
engineering or related field plus 5 
years of experience in systems 
applications development. Experi- 
ence with Oracle and UNIX Script- 
ing also required. “Master's degree 
in appropriate field will offset 2 
years of general experience. Sub- 
mit resumes to Sibi George, FedEx 
Corporate Services, 1900 Summit 
Tower Bivd., Suite 1400, Orlando 
FL 32810. EOE M/F/D/V. 


Edify Technologies, Inc. needs 
Programmer Analysts: Bach- 
elor's degree in Computer or 
related field with 2 years expe- 
rience in C#, Unix Internals 
Ant, C/C++, Bugzilla, Web- 
Logic, Tornado, ClearCase/ 
Quest/Make, VxWorks, Web- 
services. We accept foreign 
education degree or the de- 
gree equivalent in education 
and experience. Send your; 
resume with covering letter to’ 
Edify Tech. Inc. 1318 E 
Algonquin Road, 2H, Schaum- 
burg, IL 60173. E-mail 
resumes@edifytech.com 


Systems Analyst - Oracle 


3-5 years experience supporting 
payroll and HR systems. Signifi- 
cant experience with Oracle da- 
tabases and applications. Know- 
ledge of database management 
systems. Project management 
experience. Strong Unix skills 
along with query languages 
such as PL/SQL and SQL 
Knowledge and understanding 
of 3rd party report writers inciud- 
ing Noetix and Crystal Reports. 
Please send resume to: Embry- 
Riddle Aeronautica! University, 
HR Dept., 600 S. Clyde Morris 
Bivd., Daytona Beach, FL 
32114 
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SOFTWARE ENG De- 
sign & implement com- 
plex operating software 
applications. B.S. Comp 
Science or equiv. & 2 
years programming 
experience, must be 
proficient in PeopleSoft 
& related programs. 
Apply to: Harland Co., 
Attn: Caryl James, 
2939 Miller Road 
Atlanta, Ga 30035. 


SOFTWARE ENGINEER: 
Experience in full product 
life cycle & banking secu- 
rities applications. Famil- 
iarity with VB3, PL/SQL, 
UNIX, ASP, 
Foxpro2.5. Mai! resume 


Oracle, 


to: Corporate Software 
Solutions, Inc., 4251 
Route 9 North Bldg. A#C, 
Freehold, NJ 07728. 


Prog/Analysts to analyze, devel- 
op, maintain software applis 
using Oracle Applications 
Oracle, PL/SQL, Dev 2000, etc 
under Windows/UNIX OS; con- 
duct functional testing/debug- 
ging; perform data conversions, 
customize Forms/Reports using 
Oracle Applications standards; 
document, maintain & update 
development process. Require 
BS or foreign equiv. in CS/Engg. 
(any branch) or related field & 
2yrs of exp. in IT. Travelinvolved 
F/T position. Comp Salary. 
Respond to: HR, Bahwan 
Cybertek Technologies, inc., 
209 West Central Street, Ste 
312, Natick, MA 01760 


Technical Support Manager 
for distributor and value 
added reseller of internet- 
working solutions located in 
Miami, Florida. Bachelor; 
Degree in Electronics or, 
System Engineering or for- 
eign equivalent and 2 yrs. 
exp. in job offered or 
telecommunications related 
area. Send resume to 
CLAdirect, Inc.; attn: HR 
Dept., 8600 N.W. 17th 
Street, Suite 140, Miami, FL 
33126 


Software Engineers needed at 
client sites to dsgn, dvip, inte- 
grate & support computing & 
switching systems for computer- 
telephony, telecom, n/working & 
related fields using Dialogic 
DNA voice boards, CT-Connect, 
CTI-IVR, ACD, PLC- 
Programming (Ladder Logic) & 
SCADA systems, PLC-PC 
niwork, Voice-Over-Packet solu- 
tions, TI-54x series of DSPs, 
RM7000 series of processors, 
PMC-Sierra Framer & FXS card 
Send resume to: Hireme, Globai 
Consultants, 25 Airport Rd, 
Morristown, NJ 07960 
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Witness Systems, Inc. seeks to 
qualified applicants for the fol- 
lowing positions 
Software Support Engineer: 
Must have Master's degree 
or equivalent in Electronics 
Engineering or reiated field 
Must have 2 years of experi- 
ence in the position offered 
or 2 years in Programming 
Engineering 
Senior Java Developer: Must 
have Master's degree or 
equivalent in Computer 
Science or related field. Must 
have 2 years of experience 
in the position offered or 2 
years in Software Engin- 
eering 
For all positions salary com: .. n- 
surate with experience. Must 
have legal authority to work in 
the U.S. Send resume and cover 
letter to Sheri Mattison 
Employment Manager, Witness 
Systems, Inc. 300 Coloniai 
Center Parkway, Roswell, GA 
30076 


Volition, Inc. (a wholly-owned 
subsidiary of THQ, Inc.) has 
an opening for a Game 
Programmer in Champaign, 
IL. MS in CS/CE + 6-12 mos. 
as junior game program- 
mer/video game design. De- 
velopment of a cross plat- 
form game engine; physics 
modeling and artificial intelli- 
gence programming; transia- 
tion of visual style into code; 
3D graphics programming for 
the game engine. Fax 
resume to Mike Kulas @ 
818-871-7590. 


A developer of FEA software 
systems, seeks qualified profes- 
sionals to fill the following posi- 
tions in our Los Angeles office 
Project Engineers to define new 
product specifications & local- 
ization features of FEA software. 
Technical Support and Quality 
Assurance Engineers to provide 
FEA software support and test- 
ing. Technical/Training Engin- 
eers to provide training and field 
application engineering support 
for FEA software, 25-30% travel 
required. Interested applicants 
should send resume to 
Department LAF#1, SolidWorks 
Corporation, 300 Baker Avenue, 
Concord, MA 01742. EOE 


itcareers.com 
is the place where 
your fellow readers 
are getting a jump 
on even more of the 
world's best jobs. 


Now combined with 
CareerJournal.com, 
You have more jobs 
to choose from. 
Stop in for a visit. 


See for yourself. 





Applications Development Analyst 
(Boston, MA) - Provide technology 
relationship mgmt in support of 
specific line-of-business initia- 
tives; lead key project resources 
on Portal development using de- 
velopment methodology & CMM 
mentor technical team leads in 
Internet, Intranet related projects. 
& mediur ge sys projects. 
design, develop & maintain busi 
ness processes: provide consulta- 
tion in software engineering pro- 
cesses, procedures & methodolo- 
gies; contribute to development of 
tech strategies/business sys an- 
alysis & design: visualize, concep- 
tualize & define business solu- 
tions; translate solutions into tech- 
nical terms via sys analysis, archi 
tecture design, solution architec- 
ture & sys specs; perform com- 
plex research & analysis to identi- 
fy & resolve c divisional pro- 
ject issues; review, analyze & 
evaluate business sys & user 
feq's; formulate sys to parallel 
business strategies; determine 
user needs, program functions & 
req's to develop/modify computer 
Programs; colladorate w/ technical 
team in data & object design: 
develop business value technolo- 
gy & infrastructure enhancement 
projects; expand technical devel- 
opment methodology to include 
web architecture standards. 
assess needs of business part- 
ners, identify opportunities, ana- 
lyze issues, recommend courses 
of action & assist in implementing 


solutions. Min. req's: Master's in| 


MIS or rel. field + 2 yrs exp in posi- 
tion offered or 2 yrs in business 
sys development. Must have 
knowledge of: XML & Oracle; sys 
analysis and design tools inci 
CMM, object oriented analysis 
and design, and UML; financial 
analysis, incl RO! calculation 
enterprise systems; database 
technologies; & business produc- 
tivity tools. Must have unrestrict- 
ed authorization to work in U.S 
M-F, 8:30 AM - 5:30 PM, 40 
hrs/wk. Salary range: $95,000. 
$105,000/yr. An EOE. Send 2 
copies of resume to Case No. 
200202551, Labor Exchange 
Office, 19 Staniford St., 1st Fi 
Boston, MA 02114 


Web Developer 


Conseco has positions for pro- 
grammers to research, design 
and develop internet website 
using vignette software as web- 
site platform, including .ASP 
development and modular/ 
adapter development with V5/6 
platform, BIS method develop- 
ment including advanced data 
manipulation and logic develop- 
ment and XML coding with XLS 
parsing for HTML presentation 
layer, complex relational data- 
base design/technology, SQL 
stored procedure management 
UNIX-based environments, inte- 
gration of third-party product into: 
vignette environment using 
ASP within the vignette piat- 
form, XML, XSL, HTML, PERL 
CGI, jsp/Java (J2EE compliant) 
in Microsoft operating systems 
Duties include consulting with 
other computer professionals to 
evaluate interface between 
hardware and software and 
operational performance req- 
uirements of system; developing 
and directing software systems 
testing procedures, program- 
ming, and documentation, and 
consulting with system users 
concerning maintenance of sys- 
tem software and coordination 
of installation of software sys- 
tem. Candidates must have a 
bachelor’s degree in computer 
science or related field. Please 
send resume to: Bernard Hodes 
Group Reply Service, #80608, 
8440 Woodfield Crossing Bivd 

Suite 290, Indianapolis, IN 
46240. No phone cails, please 
An equal opportunity empioyer. 
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We are looking for a team-oriented IT professional for the 
following position: 


MANAGER, INFORMATION 
SYSTEM SERVICES 


The selected candidate will oversee all computing operations 
and technical/infrastructure support. You'llalso create/implement 
growth strategies for our IS Department, which is responsible 
for network and data telecommunications, database and storage 
management, data center and computer operations, server 
hardware maintenance, help desk, PC support, web infrastructure, 
and hardware/software budgets. We require 10 to |2 years’ IT 
experience, with 3 years in a managerial role. A degree or 
equivalent work experience is also essential, as is expertise in 
UNIX, Windows, MVS, and "best practices." A chemistry 
background is desired. 


In addition to working with mission-critical applications, some 
leading-edge technologies, and an outstanding technical team, 
CAS offers competitive compensation and an excellent benefits 
package, including flexible hours, company-paid retirement 


disability plans and employee savings plans. 


Email your resume including salary requirements to: 
jobs@cas.org 


Department/JD, 2540 Olentangy River Road, Columbus, 


OH 43202-1505. Fax 614-447-3816. For moreinformation 
about CAS, refer to our web page at www.cas.org. Equal 
Opportunity Employer. 


SOFTWARE ENGINEER: Soft- 
ware engineer to design, devel- 
Op and test computer programs 
for business applications; ana- 
lyze software requirements to 
determine feasibility of design 
direct software system testing 
procedures using expertise in 
Progress 4GL, MFG/PRO 
Cognos, XML and CIM. Req 
uirements: Bachelor's Degree or 
equivalent in Computer Science 
or related field and two years 
experience as a software engi- 
neer or computer programmer, 
knowledge of Progress 4GL 
MFG/PRO, Cognos, XML and 
CIM Salary: $90,000/year. 
Working Conditions: 8:00 A.M 
to 5:00 PM., 40 hours/week 
involves extensive travel and 
frequent relocation Apply 
Manager, Armstrong County 
Team PA CareerLink, 1270 
North Water Street, PO Box 759 
Kittanning, PA 16201, Job No 
WEB337358 


e-lité Companies 


SOFTWARE ENGINEER 
Multiple openings for software 
engineers to design, develop 
and test computer programs for 
business applications; analyze 
software requirements to deter- 
mine feasibility of design; direct 
software system testing proce- 
dures using expertise in Visual 
Studio.Net, ASP.Net, XML 
Oracle and C#. Requirements. 
Bachelor's Degree or equivalent 
in Computer Science oy related 
field and two years experience 
as a software engineer or com- 
puter programmer, knowledge of 
Visual Studio.Net, ASP.Net 
XML, Oracle and C#. Salary 
$66,000/year. Working Cond- 
itions: 8:00 A.M. to 5:00 P.M., 40 
hours/week, involves extensive 
travel and frequent relocation. 
Apply: Job Center/CareerLink 
Supervisor, Indiana County 
CareerLink, 300 Indian Springs 
Road, Indiana, PA 15701, Job 
No. WEB337367 


e-merging companies 
e-ssential companies 


e-normous opportunities 
WWW.ITCAREERS.COM 
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Computer Software De- 
velop Delphi Programmer 
Develop programs and applica- 
tions for microcomputers and 
LAN stations: Design database 
management systems and envi- 
ronment for MSDOS and Win- 
dows "95 operating systems uti- 
lizing various software applica- 
tions written in either DATA- 
FLEX, C or Delphi; Engage in 
client server app ns and 
SQL Database set up and de- 
sign; Prepare functional specifi- 
cations and design software pri 
grams and modifications for sci- 
entific engineering and/or busi- 
ness applications; Test units and 
computer software systems and 
conduct end user training pro- 
grams. Must have bachelor’s de- 
gree or equivalent in Electronic 
Communications and three (3) 
years experience in the position 
offered. Equivalency must be 
based upon only educational cre- 
dentials as determined by an 
accredited Credentiais Evaluat- 
or. 40hrs/iwk @ 62,718.24 per 
year. Must have proof of legal 
authority to work in the U.S 
Send resume to: PO Box 11170 
Detroit, Michigan 48202. Refer- 
ence NO.: 211078. EMPLOYER 
PAID AD 
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Continued from page 1 
Privacy Law 


and database security. 

The new law, SB 1386, re- 
quires companies to inform 
customers when their names 
— in combination with either 
their Social Security numbers, 
driver’s license numbers or 
credit/debit card numbers 
with personal identification 
numbers — have been ac- 
cessed by an unauthorized 
person [QuickLink 38357]. 

But confusion about what 
some observers characterize 
as a poorly written piece of 
legislation has given way to 
panic during the past two 
weeks, officials in the IT secu- 
rity and legal sectors said. 

“Companies are literally 
shocked by this law, and many 
big companies are terrified,” 
said Bob Walters, CEO of 
Teros Inc. in Santa Clara, 
Calif. 

“Under a broad reading of 
1386, even virus incidents that 
corrupt large amounts of data 
must be reported, even if there 
is no compromise of personal 
information,” said Michael R. 
Overly, a partner at the Los 
Angeles office of law firm Fo- 
ley & Lardner. “Very large 
class-action lawsuits are on 
the horizon.” 


No Mention of Standards 
Under the law, the theft of 
data that’s encrypted doesn’t 
have to be reported. But be- 
cause the law makes no men- 
tion of industry security stan- 
dards, particularly the appro- 
priate level of encryption 
needed to protect customer 
data, some companies may 
feel forced into taking drastic, 
costly actions, said Overly. 
“What some companies are 
thinking of doing is assigning 
a random number to a cus- 
tomer name in one database 
and linking that random num- 
ber to the personally identifi- 
able information stored in a 
completely separate database,” 
he said. “This would require 
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major changes to large compa- | 


ny databases.” 

Eric Beasley, senior network 
administrator at Baker Hill 
Corp., an application service 
provider to the financial in- 
dustry, said that although the 
burden would be on financial 
institutions to notify cus- 
tomers of breaches, the new 
law has forced his company to 
purchase a Web application 
firewall from Teros and study 
database encryption options. 

But performance issues are a 
concern with encryption, he 
said. Consequently, Carmel, 
Ind.-based Baker Hill is study- 
ing a possible move from the 
32- to the 64-bit version of Mi- 
crosoft SQL Server, which 
promises considerably higher 
performance. “That holds the 
promise of being able to do en- 


| cryption without significantly 


reducing the performance we 
have today,” Beasley said. 
Network performance is far 


Continued from page I 


European VAT | 


tions, the company set up a 
subsidiary in London. That 
lets it charge the U.K. VAT 
rate of 17.5% to all European 
customers who download 
products from its clients. 

Ronning said the centralized 
operation includes systems 
that can handle all European 
business, including databases 
that correlate the locations of 
customers and track the VATs 
in different jurisdictions for 
comparative purposes. 

By July 1, companies based 
outside the EU must register 
with European tax authorities 
to levy, collect and remit the 
VAT on sales of various digital 
goods and services. 

Under a directive issued by 
the EU in May 2002, compa- 
nies that don’t have a physical 
presence in an EU member 
nation must assess the tax at 
the rates charged by the coun- 
tries where individual cus- 
tomers are located. 





from the only issue facing 
companies. Don Ulsch, man- 
aging director and CEO of 
Janus Risk Management Inc. 
in Marlboro, Mass., said SB 
1386 cuts across virtually 
every corporate function, in- 


AOL International, a divi- 
sion of New York-based AOL 
Time Warner Inc., has about 
6.3 million dial-up and broad- 
band customers in Europe and 
in response to the VAT has 
centralized its Internet service 
provider operations for the 
EU in Luxembourg, said 
spokeswoman Mia Kulla. 

“If we hadn’t done this, we 
would have had to comply 
with 15 different tax regimes, 
which was not a viable busi- 
ness option,” Kulla said. She 
declined to comment on how 
much it has cost AOL Interna- 
tional to set up the operations 
in Luxembourg but said the 
VAT won't result in higher 
prices for customers. 

On the other hand, Scott 
Pendergrast, co-founder of 
Fictionwise Inc. in Chatham, 
NJ., said it wouldn’t have been 
economically feasible to invest 
in a European operation. In- 
stead, the seller of e-books is 
preparing to collect the tax in 
different countries, although 
Pendergrast said it’s doing so 
reluctantly. 





cluding IT security, physical 
security, classification man- 
agement, process linkage, hu- 
man resources operations and 
environmental monitoring. 
According to Ulsch, the new 
law will put an even higher 
premium on internal monitor- 
ing, access control and per- 
sonnel risk management be- 
cause it “will make it easier to 
conduct internal sabotage op- 
erations by purposefully 
breaching security in order to 
financially and legally jeopar- 
dize the company.” 
Customer-tracking tools 
and network monitoring soft- 
ware capable of differentiating 
between genuine performance 
problems and security inci- 
dents that affect performance 
will also be critical in helping 
companies determine when 


| they must make a public re- 


port, said Rajeev Khanolkar, 
CEO of netForensics Inc. in 
Edison, NJ. “If you don’t know 


“T think paying it is ridicu- 
lous, and it’s unfair for a for- 
eign government to make me a 
tax collector,” he said. “I have 
enough trouble keeping track 
of the the U.S. tax code.” 

Pendergrast said he plans to 
assign one of Fictionwise’s 
two internal developers to 
write code to automate the 
VAT assessment and remit- 
tance process, although he be- 
lieves the company is exempt 
from the tax for now because 
its annual European sales total 
less than 100,000 euros 
($114,283). However, an EU 
spokesman said there is no 
such exemption. 

Some businesses are ques- 
tioning whether they need to 
collect the new tax on the 
grounds that European courts 
wouldn’t have jurisdiction 
over them, said Jon Abolins, 
vice president of tax and gov- 
ernment affairs at Taxware, a 
Salem, Mass.-based division of 
GovOne Solutions LP that de- 
velops e-commerce software. 

Taxware has been hearing 
from some customers that are 











| what has been compromised, 


you may be forced to disclose 

a potential compromise of 

your entire database,” he said. 
The new law may also 


| change the way companies 


view and deploy wireless net- 
works, said Ulsch. “With so 


| much at risk, companies will 
| have to look very seriously at 


wireless and the security im- 
plications,” he said. 

But Overly said there may 
be a bigger problem on the 
not-too-distant horizon. “Look 
what has happened with 
spam,” he said. “We now have 
dozens of different spam laws. 
If individual states start doing 
what California is doing, com- 
panies could be faced with 


| every state having different se- 
| curity requirements.” D 


"MORE THIS ISSUE 


Computerworld’s Robert L. Mitchell dis- 


| Cusses ways companies can brace for the 


spate of new data privacy laws. Page 34 


“scrambling” to get ready for 
the VAT, but others are asking 
if they can just ignore it, Abo- 
lins said. He has been advising 
companies not to do so, be- 
cause there is speculation that 
EU countries might not fight 
to protect the intellectual 
property rights of sellers that 
fail to collect the VAT. “I don’t 
think any business wants to be 
characterized in the EU as a 
tax cheat,” he added. 

Matthew King, a trade 
spokesman for the European 
Commission, the EU’s execu- 
tive arm, said it will be up to 
each of the 15 nations to de- 
cide how to enforce the VAT 
directive. According to King, 
the EU approved the VAT plan 
after content providers based 
in Europe complained that 
they were at a competitive dis- 


| advantage because they al- 
ready have to collect the tax. D 


LOCATION CHALLENGES 


Companies say it won't be easy to confirm 
which EU country a customer is based in: 
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FRANK HAYES ® FRANKLY SPEAKING 


Sabotage Solution 


AY YOU’RE AN IT MANAGER with a project that’s doomed. You 
know it’s doomed. Everyone on the project team knows it’s 
doomed. Maybe it’s underfunded, or the technology turned 
out to be half-baked, or it’s beyond the skills of your team, 
or it’s just hopelessly off the tracks. Maybe you argued 
against it, but it has powerful sponsorship and there’s no way you 
can talk the powers that be into shutting it down. 
Is it time for a little sabotage to put it out of your misery? 
Of course, sabotage is wrong. We all know that. But which is 
worse: torpedoing a doomed project, or flushing time and budget 
and morale down the drain in a futile effort to make it work? 


Or suppose some user’s PC fails intermittent- 
ly. It doesn’t happen every day, but every time it 
does, the user loses time and work and a little 
more sanity. The user’s manager is demanding 
that you fix the PC, but there’s no problem you 
can identify and reproduce. You know the right 
solution is to replace the PC, but as long as it 
tests out OK on the bench, corporate policy 
says it must be put back in service. 

Do you make sure it gets a little, er, help to 
fail on the bench, so that poor user can get a 
reliable PC again? 

Now try this one: For the first time, your 
team has been assigned a user to help identify 
problems with an important application. The 
user doesn’t understand how your shop does 
things, doesn’t have the clout or charisma to 
overcome outsider status and has slowed 
progress to a crawl with all his questions and 
objections. And you know that if this project is 
completed, you'll have users on lots of future 
projects — all with the same problems. 

Do you drive the project — and the user — 
straight into the ground, just to avoid all that 
trouble? 

It’s sad but true: Sabotage is a 
slippery slope. At heart, it’s about 
breaking things instead of making 
them work, destroying instead of 
building. It’s an ugly concept that 
runs counter to everything you’re 
supposed to be doing, a notion 
nasty enough that in most IT shops 
it’s never even mentioned out loud. 

Trouble is, in most IT shops it’s 





And ugly as it may be, sometimes sabotage is 
the least ugly of the real options available. 

Ironic, isn’t it? You want your IT people to do 
what’s right for users and the business — to 
keep time and effort and budget from being 
wasted. But sometimes they can’t do that with- 
out a little sabotage. And you can’t encourage 
them to keep doing what’s right for users and 
the business unless you tolerate that sabotage. 

But if you’re too tolerant of it, you’ll end up 
with self-serving sabotage — the kind that 
doesn’t help users or the business at all, but is 
just a convenient way to cut corners and avoid 
challenges. 

How can you be sure you'll get only the right 
kind of sabotage? You can’t. Remember, sabo- 
tage is unmentionable. You can’t clearly explain 
what kind is OK and what’s not. And you can’t 
officially support it, because by definition sabo- 
tage is against the rules. 

So you'll have to depend on nudges and hints 
and the good judgment of your staff. You’ll also 
need to watch out for cases of the wrong kind 
of sabotage, to stop them quickly and publicly. 

y If you can’t explain, at least you 
want to offer lots of examples. 

Does all this subtlety and ambi- 
guity make you uncomfortable? 
Good — it should. You really 
shouldn’t need sabotage to serve 
users and your business. That dis- 
comfort should motivate you to 
keep chopping away at the things 
that make sabotage necessary — 


the foolish rules, the politically 
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You Get What You Measure 


Network techs at this manufacturer are surprised 
when they get a poor evaluation - the networks are 
running fine with few user complaints. “That's the 
problem,” says IT pilot fish. “Their metric is how many 
take to randomly unplugging a hub, waiting for trouble 
tickets to come in, then restarting the hub. Reports 
fish, “They were rated ‘excellent’ on their next review.” 


“My screen is 
electrifying the 


end because of 
the outage.” 


table and shock- TANK. It Gains 


ing me,” user 
and you'll see.” Fish 
does, and feels a small 
vibration. “That isn’t vi- 
bration, that's electric: 
current,” user insists. “I : 
know what anelectric 
current feels like.” Look- 
ing around, fish spots a 
rarely used IBM Selec- 
tric typewriter at the i 
other end of the wooden : 
table. She turns it off - 
and when the vibration 
stops, user asks, “Do 
you think it was the 
typewriter that was 
shocking me?” 


In Translation 
Boss’s fast new CD 


: media, so tech pilot fish 
: asks the office secretary 
: to order some record- 


able CDs rated at 40X. 


: “imagine my surprise 


later in the day,” fish 


: groans, “to hear the wa- 
about my trying to ac- 


quire 40 X-rated CDs for 


: my department!” 


: Tolerant Indeed 
? that this branch office's 


? network connection is 


Penny-Wise 

When an error brings 
down this company’s 
Web site shopping-cart_ : 
engine on a Friday after- : 
noon, pilot fish can’t re- 
store the corrupted file 
boss, who has already 
left. Is the entire site 
down? irritated boss : 
asks once he’s finally lo- : 
cated. “We're not spend- : 
ing money on overtime 
to restore one @#5%! =: 
file!” Sighs fish, “We got : 
the file restored at the 
end of the day Monday. 
Based on the Web ac- 
cess logs, at least 

$17,200 wasn't spent 
with us over the week- 


staaeeekscweanansaanesen: 


; too slow, so IT pilot fish 
: Checks inte the cost of a 
? THiline. “Thinking ! can 
: reduce latency by stay- 


ing on the same network 


: as the main office, | call 
: the network admin 


there,” says fish. Who 


: used for the second T1 
: line you installed for 


fault tolerance? fish 
asks - and is stunned to 


: learn that both Tt lines 
? come from the same In- 


ternet service provider 


: Sighs fish, “The IT man- 
: ager didn’t want to have 
: to look at two bills each 


month.” 


nenaea open noaseee: 


sharky@computerworld.com. You snag a snazzy 
Shark shirt if we use it. And check out the daily feed, browse 
the Sharkives and sign up for Shark Tank home delivery at 
sevetdaseiiidis. 


Frank Hayes, Computer- 
world's senior news colum- 
nist, has covered IT for more 
than 20 years. Contact him at 


motivated projects, the really awful 
decisions. 

Because until you can get rid of 
them, you’re stuck with sabotage. D 


also a reality. In fact, it’s a necessity. 
Sabotage shouldn’t happen. But 

then, neither should ill-conceived 

projects or wrong-headed policies. 








Find out when 
Computerworld 
publishes the 
results from our 


{/th Annual 
Salary Survey of 


IT Professionals! 
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How much are other IT professionals with your experience and credentials earning? 
With help from you and your IT colleagues across the country, Computerworld will 
answer those questions with results from our 17th Annual Salary Survey. 

Please take our survey now and enter a drawing to win a $499 gift certificate from 
Amazon.com. Our survey period closes on Thursday, July 3 at 5:00 p.m. 

Survey results and feature stories that offer practical career advice will be published in 
the October 27, 2003, issue of Computerworld. The issue will offer detailed informa- 
tion on average salaries and bonuses, by title, industry and region. You'll be able to 
compare your organization's compensation plans with those of other 

organizations and find the hottest areas of the country for IT pay. 


COMPUTERWORLD 


SALARY 
To take the survey, and qualify for the drawing, go to: SURVEY 


computerworld.com/ss2003 2003 
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‘affordable ___Our voice 

communications: Pare er scoaMec 

local, long distance, to be en one 

and Internet. ; global network. | 


Together. From one company. 


__—*r 
ICL 


jucing MCI Advantage, the world’s first truly converged voice and 

rvice. It gives your company local and long distance calling with 

ices on one global IP network. Plus easy online account 

nt, voicemail contro! features, and pay-as-you-go flexibility with 

nal upfront investment. In other words, it's what every CEO and CIO 

wants. To get your MCI Advantage now, call 1888 886 3844 or go 
to www.mci.com/go/proof 
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